A VPN creates a virtual network between two machines. Each end needs an IP address.
In your example, `10.8.0.254` is the address that will be assigned to the server and `10.8.0.2` is the address that will be assigned to the client. These addresses are only valid within the tunnel. They are not the real IP addresses.
If you do `ping 10.8.0.254` from the client, you'll get a response from the server. If you do `ping 10.8.0.2` from the server, you'll get a response from the client. If you do `ping 10.8.0.2` from the server, you'll get a response from itself. Which is not very useful.
These IP addresses are not reachable outside the tunnel. The network is private.
You can use any pair of addresses you want as long as they are not used by anything else.
Since this is a point-to-point tunnel, you can get by without assigning IP addresses to the tunnel endpoints and route by tun device instead. It saves some `ip addr` configuration and reduces two NAT (once on leaving local tun and once on the server) to just one NAT (on the server only).
A VPN creates a virtual network between two machines. Each end needs an IP address.
In your example, `10.8.0.254` is the address that will be assigned to the server and `10.8.0.2` is the address that will be assigned to the client. These addresses are only valid within the tunnel. They are not the real IP addresses.
If you do `ping 10.8.0.254` from the client, you'll get a response from the server. If you do `ping 10.8.0.2` from the server, you'll get a response from the client. If you do `ping 10.8.0.2` from the server, you'll get a response from itself. Which is not very useful.
These IP addresses are not reachable outside the tunnel. The network is private.
You can use any pair of addresses you want as long as they are not used by anything else.