IP addresses

It is important to choose an IP address range that does not conflict, or has good odds of not conflicting, with remote client address pools. If the VPN uses IP addresses from a range shared by a remote client address pool, packets meant for the client LAN may attempt to traverse the VPN to the wrong system or to a system that doesn't exist at all. Alternatively, the traffic may never leave the client LAN and instead be routed to a local resource.
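Both failure modes described above can be reproduced with a longest-prefix-match lookup over a client's routing table. This is an added example, not code from the book: the interface names, the client LAN ranges and the 10.4.0.0/16 summary route are constructed for illustration, and only the 10.4.0.0/24 server LAN comes from the text.

```python
import ipaddress

SERVER_LAN = "10.4.0.0/24"  # server-side LAN named in the text


def overlapping(pushed_routes, client_lan):
    """Return the VPN-pushed routes that overlap the client's own LAN."""
    lan = ipaddress.ip_network(client_lan)
    return [r for r in pushed_routes if ipaddress.ip_network(r).overlaps(lan)]


def client_table(client_lan, pushed_routes):
    """Build a simplified client routing table as (network, interface) pairs.

    eth0 (LAN) and tun0 (VPN) are assumed interface names.
    """
    table = [("0.0.0.0/0", "eth0"), (client_lan, "eth0")]
    table += [(route, "tun0") for route in pushed_routes]
    return table


def egress(dest, table):
    """Pick the outgoing interface for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), iface) for net, iface in table
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


if __name__ == "__main__":
    # Constructed scenarios: (label, client LAN, pushed routes, destination)
    scenarios = [
        ("no conflict, server LAN host", "192.168.1.0/24", [SERVER_LAN], "10.4.0.10"),
        ("client-local host pulled into the VPN", "10.4.0.0/16", [SERVER_LAN], "10.4.0.50"),
        ("server LAN host answered locally", "10.4.0.0/24", ["10.4.0.0/16"], "10.4.0.10"),
    ]
    for label, lan, pushed, dest in scenarios:
        table = client_table(lan, pushed)
        print(f"{label}: {dest} -> {egress(dest, table)}, "
              f"overlaps={overlapping(pushed, lan)}")
```

When two routes have the same prefix length, real hosts break the tie by route metric, which this sketch does not model.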

The following diagram illustrates a fairly severe case of what I'm describing. There are various resources identified with their associated LAN address on both sides.

On the left, there is a network where the VPN server resides. The LAN on the server network uses the 10.4.0.0/24 subnet. For the VPN, ...
