I’m facing an issue with my VPN server configuration. I have a VPN server that uses the 10.31.4.0/29 subnet for static IP assignments, which should allow up to 5 distinct peers to connect with unique static IPs (10.31.4.2–10.31.4.6).
From my local computer, I was able to successfully connect 5 different peers, each receiving one of the expected static IPs. However, when I try to connect additional peers (peers 6, 7, and 8) to the same server, while the connections are established, these extra peers are assigned IP addresses that are already in use by the first 5 peers, meaning that peer 6, for example, picks the static IP from peer 2, or peer 7 picks the static IP from peer 1, etc. None of the peers has been disconnected even if they have the same static IP.
Can we consider this as normal behavior for this subnet size, or am I missing something in the configuration?
I did check the code, and the last 2 usable addresses were being skipped. I believe those were excluded from temporary addresses to reserve for future use, but I removed this and the addresses will be available in the next release.
But how is it even possible for two users/peers to share the same static IP?
In my case peer2 and peer6 had the same static IP when connected to the VPN and they weren’t even disconnected. Is that expected behavior?
Also, what do you mean by “future use”?
What about the maximum available users/peers that can connect to a server with a /29 CIDR mask? Shouldn’t they be max 5 or 6, and why was I able to connect 7 peers?
So this is kind of expected behavior, but is this right?
We might get routing conflicts like this: traffic intended for one peer might get misrouted to the other, resulting in lost, delayed, or incorrect data delivery. Also, if traffic is misattributed due to a duplicate IP, it may allow one peer’s data to be mistakenly delivered to another, posing potential security risks.
I think 2 peers having the same static IP shouldn’t be allowed at all.
What do you think?
There are a lot of users who configure servers with an incorrect subnet size; this functionality is done to keep those configurations working as best as possible. You can avoid the problem by using a larger subnet.
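The subnet-sizing point above, as an added example (not code from the VPN server or from anyone in this thread): it lists the peer addresses a subnet provides, flags addresses held by more than one peer, and finds the smallest subnet that gives every peer a unique address. It assumes one usable address is reserved for the server, which matches the 10.31.4.2 to 10.31.4.6 range in the question; the peer names and the peer-to-address mapping are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Assumption: the server keeps the first usable address for itself.
RESERVED_FOR_SERVER = 1

# Constructed sample mirroring the thread: peers 6-8 reuse earlier addresses.
SAMPLE = {
    "peer1": "10.31.4.2", "peer2": "10.31.4.3", "peer3": "10.31.4.4",
    "peer4": "10.31.4.5", "peer5": "10.31.4.6", "peer6": "10.31.4.3",
    "peer7": "10.31.4.2", "peer8": "10.31.4.4",
}

def peer_addresses(cidr, reserved=RESERVED_FOR_SERVER):
    """Usable host addresses left for peers once the server has its own."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return [str(h) for h in hosts[reserved:]]

def find_duplicates(assignments):
    """Return {address: [peers]} for every address held by more than one peer."""
    by_ip = defaultdict(list)
    for peer, ip in assignments.items():
        # Normalise through ipaddress so malformed entries raise early.
        by_ip[str(ipaddress.ip_address(ip))].append(peer)
    return {ip: sorted(p) for ip, p in by_ip.items() if len(p) > 1}

def smallest_subnet(base, peer_count, reserved=RESERVED_FOR_SERVER):
    """Smallest IPv4 network at `base` with a unique address per peer."""
    for prefix in range(30, 7, -1):
        net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
        # Subtract the network and broadcast addresses plus the server's.
        if net.num_addresses - 2 - reserved >= peer_count:
            return net
    raise ValueError("no IPv4 prefix holds that many peers")

if __name__ == "__main__":
    pool = peer_addresses("10.31.4.0/29")
    print(f"/29 peer pool ({len(pool)}): {pool}")
    for ip, peers in sorted(find_duplicates(SAMPLE).items()):
        print(f"duplicate {ip}: {', '.join(peers)}")
    print("subnet needed:", smallest_subnet("10.31.4.0", len(SAMPLE)))
```

Running a check like `find_duplicates` against the server's current peer list is a quick way to confirm whether an undersized subnet has already caused address sharing.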