What prevents IP conflicts between the balena VPN and networks attached to eth0?
Looking at our OpenVPN configuration I can’t see anything specific to addressing this issue. The topology is set to p2p, which means that there is no subnet allocated to the interface - just a single /32 local address. You’re right that this could potentially cause an issue with a local interface, but since the subnets assigned to the VPN server are so large, I believe the chances of this happening are infinitesimal.
Hope this helps.
Looking at the output of ip route list on my balena device
If my local network was 10.0.0.0/8 instead of 10.0.0.0/16 and a different machine on the same LAN connected on the enp0s3 interface with IP 10.114.101.19, they would not be able to access the web interface being hosted by this balena device.
If I’m understanding your scenario correctly, a locally connected device would access the device via its Ethernet interface address, not its VPN address.
Oh, I see what you’re saying. You’re saying that you would not be able to send a reply to the other machine because the reply would be routed to the VPN interface.
You’re right. That’s probably true. I’m pretty sure that OpenVPN would at least warn if there was an overlap between its interface and another connected interface’s subnet.
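The reply-routing problem discussed in this thread comes down to longest-prefix matching: a /32 host route on the VPN interface beats a wider LAN subnet that contains the same address. The following sketch is an added example, not code from the thread or from balena. The routing table is constructed, `vpn0` is a placeholder interface name, and the `src` and gateway addresses are made up; only enp0s3, 10.0.0.0/8 and 10.114.101.19 come from the posts above.

```python
import ipaddress

# Constructed table in `ip route list` format (not output from the thread).
# "vpn0" is a placeholder VPN interface name; src/gateway values are made up.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev enp0s3
10.0.0.0/8 dev enp0s3 proto kernel scope link src 10.0.2.15
10.114.101.19 dev vpn0 proto kernel scope link src 10.240.0.7
"""

def parse_routes(text):
    """Return [(network, device)] from `ip route list` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, dev) for net, dev in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def shadowed_routes(routes):
    """Routes on one interface that fall inside a subnet of another interface."""
    hits = []
    for inner, inner_dev in routes:
        for outer, outer_dev in routes:
            if (inner_dev != outer_dev and inner.version == outer.version
                    and outer.prefixlen > 0
                    and inner.prefixlen > outer.prefixlen
                    and inner.subnet_of(outer)):
                hits.append((str(inner), inner_dev, str(outer), outer_dev))
    return hits

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print("reply to 10.114.101.19 leaves via", egress_device(table, "10.114.101.19"))
    for hit in shadowed_routes(table):
        print("overlap: %s on %s shadows part of %s on %s" % hit)
```

Running the same check with the LAN route changed to 10.0.0.0/16 reports no overlap, which matches the /16 versus /8 distinction raised in the thread.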