OpenVPN Static IP address pools

I think I need to add a static IP address pool of addresses from my GREEN network for OpenVPN clients so that they are true members of the GREEN network when they connect (though I’ve found nothing that actually says this is true.) However, I have some issues with the WUI for Static IP address pools not really working as I think it should do:

  • Why is the CIDR value entered as a subnet not handled as RFC-4632 describes? (See the table on page 6 for the correct numbers of addresses/block)
  • Why are the Name and Subnet fields READ ONLY after they are populated by clicking the Edit button?

Explanation:

When I entered a subnet of 192.168.42.137/29, which should have 3 bits of unique addresses, [making 6 usable (plus one with all bits on and one off) addresses] and clicked the Add button, the table shows only TWO addresses available.

OK, I try to Edit the setting, but when the edit version of the form displays, both the Name and Subnet fields are READ ONLY. This is sub-optimal for editing usage. So there is no edit feature.

Sigh. OK, I delete what I entered and try entering 192.168.42.137/28 instead, trying to get the thing to show the correct number of addresses for the CIDR (but I already know that it won’t.) Anyway, this time it adds 192.168.42.128/28 to the table and says there are four possible addresses (instead of the correct number of 14 (or 16)).

So, is this WUI screen broken? If not, why does it work this way and why is there an edit button at all? If so, is there a way to manually enter this information correctly?

And finally, is this what I need in order to have my OpenVPN clients become full members of GREEN?

For anyone interested, there’s a calculator at CIDR Calculator that I used to determine the correct value for the range I want to use and 192.168.42.137/29 works perfectly, but IPFire won’t take that.

No, the IP is a virtual, internally handled IP for OpenVPN. It has nothing to do with your green IP.

OK, I figured out part of why the number of addresses seems surprisingly small: IPFire assigned TWO IP addresses from the pool to each OpenVPN client.

That still doesn’t explain why a CIDR for a block of 8 addresses shows as 2, but I’m getting closer.

It doesn’t help that the documentation on the wiki says

This pool works in a dynamic way whereby each client will be assigned to an IP address.

So this says each client gets one address and never mentions the second one. Or the third or fourth.

To use the explanation on the wiki 10.3.4.0/27 used 0/8.

There must be 30 or the minimum half (15). So your question is really a good one. I am also interested why it is so.
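
An added example, not part of any post in this thread and not IPFire code: it assumes the pool is carved into one /30 block per client, as OpenVPN's net30 topology does, and shows that this assumption reproduces the counts reported above (2 for the /29, 4 for the /28, 8 for the wiki's /27). The function name `net30_slots` is hypothetical.

```python
import ipaddress


def net30_slots(pool_cidr):
    """Return (normalized_pool, slots) for a static pool.

    Assumption (not confirmed by the thread): each client consumes one
    /30 block, i.e. network address, two endpoint addresses, broadcast.
    """
    # strict=False clears the host bits, which is why an entry such as
    # 192.168.42.137/28 is stored as 192.168.42.128/28.
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    if pool.prefixlen > 30:
        # Too small to hold even one /30 block.
        return pool, []
    slots = []
    for block in pool.subnets(new_prefix=30):
        first, second = block.hosts()  # the two usable addresses of the /30
        slots.append((block, first, second))
    return pool, slots


def describe(pool_cidr):
    """Summarize a pool: total addresses versus per-client /30 slots."""
    pool, slots = net30_slots(pool_cidr)
    return {
        "entered": pool_cidr,
        "stored_as": str(pool),
        "addresses_in_block": pool.num_addresses,
        "client_slots": len(slots),
        "endpoint_pairs": [(str(a), str(b)) for _, a, b in slots],
    }


if __name__ == "__main__":
    # Inputs taken from the thread: the two subnets that were entered and
    # the wiki's example pool.
    for cidr in ("192.168.42.137/29", "192.168.42.137/28", "10.3.4.0/27"):
        info = describe(cidr)
        print(f"{info['entered']:>20} -> {info['stored_as']:<18} "
              f"{info['addresses_in_block']:>2} addresses, "
              f"{info['client_slots']} client slots")
        for a, b in info["endpoint_pairs"]:
            print(f"{'':>24}endpoint pair {a} / {b}")
```
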