IP addresses

It is important to choose an IP address range that does not conflict, or has good odds of not conflicting, with remote client address pools. If the VPN uses IP addresses from a range shared by a remote client address pool, packets meant for the client LAN may attempt to traverse the VPN to the wrong system or to a system that doesn't exist at all. Alternatively, the traffic may never leave the client LAN and instead be routed to a local resource.
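The routing effect described above, as an added example that is not from the book: a small Python model of a remote client's routing table that picks routes by longest-prefix match and reports destinations sent the wrong way. The client LANs and the 10.8.0.0/24 tunnel subnet are constructed sample values, 10.4.0.0/24 is the server LAN used on this page, and sending prefix-length ties to the local LAN route is a modelling assumption.

```python
import ipaddress

def winning_route(routes, dest):
    """Longest-prefix match: return the (network, interface) used for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    # max() keeps the first of equal prefixes, so a tie goes to the LAN
    # route listed first (assumption: the connected route wins a tie).
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def audit(client_lan, vpn_routes, intended):
    """Return (overlapping VPN routes, {destination: interface actually used}).

    client_lan : CIDR of the remote client's local network (interface "lan")
    vpn_routes : CIDRs the client reaches through the tunnel (interface "vpn")
    intended   : {destination IP: interface the operator expects}
    """
    lan = ipaddress.ip_network(client_lan)
    routes = [(lan, "lan")]
    routes += [(ipaddress.ip_network(n), "vpn") for n in vpn_routes]
    overlaps = [str(net) for net, ifc in routes[1:] if net.overlaps(lan)]
    misrouted = {}
    for dest, want in intended.items():
        hit = winning_route(routes, dest)
        got = hit[1] if hit else "default"
        if got != want:
            misrouted[dest] = got
    return overlaps, misrouted

# Routes reached via the tunnel: server LAN (from this page) and a
# constructed tunnel subnet.
VPN_ROUTES = ["10.4.0.0/24", "10.8.0.0/24"]

if __name__ == "__main__":
    cases = {  # constructed client networks and expected paths
        "192.168.50.0/24": {"10.4.0.10": "vpn", "192.168.50.20": "lan"},
        "10.4.0.0/24": {"10.4.0.10": "vpn"},   # same range as the server LAN
        "10.0.0.0/8": {"10.4.0.50": "lan"},    # broad LAN, local host shadowed
    }
    for lan, intended in cases.items():
        overlaps, misrouted = audit(lan, VPN_ROUTES, intended)
        print(f"{lan}: overlaps={overlaps} misrouted={misrouted}")
```

The second case shows traffic that never leaves the client LAN, and the third shows a packet meant for a local host being sent into the tunnel.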

The following diagram illustrates a fairly severe case of what I'm describing. There are various resources identified with their associated LAN address on both sides.

On the left, there is a network where the VPN server resides. The LAN on the server network uses the 10.4.0.0/24 subnet. For the VPN, ...
