There are multiple problems with it:
- There's no space between the pool end and the netmask in the generated config, so it can never work.
- In addition, the netmask parameter is always generated, even though it's only valid for the tap mode. In the tun mode, it prevents OpenVPN from starting.
- Last but not least, ifconfig-pool: first from the subnet option, without checking whether the user defined it explicitly; second time from the client-ip-pool option defined by the user.
Trying to run OpenVPN with extra subnet parameter in ifconfig-pool results in this error and terminates the OpenVPN process:
openvpn-vtun0[9645]: Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode
The man page says:
Valid syntax: ifconfig-pool start-IP end-IP [netmask] For tun-style tunnels, each client will be given a /30 subnet (for interoperability with Windows clients). For tap-style tunnels, individual addresses will be allocated, and the optional netmask parameter will also be pushed to clients.