Netgate Discussion Forum

    Multiple NordVPN profiles problems

      MadMaxster

      Hi Experts,
      I have configured NordVPN on pfsense without any problems for one profile and everything works.
      But I wish to have a group of devices go through one profile, and a different group go through another profile.
      For example :
      device1,2 -> UK (destination/profile 1)
      device2,3 -> France (destination/profile 2)

      The nordvpn servers push the following to clients with bold the same for all profiles :
      PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.255.0,peer-id 8,cipher AES-256-CBC'

      I think I need to split up the subnets for each destination, and I have done this via some custom options :
      UK : Assigning local subnet 10.1.10.2

      • pull-filter ignore ifconfig;
      • ifconfig 10.1.10.2 255.255.255.0;

      France : Assigning local subnet 10.1.11.2

      • pull-filter ignore ifconfig;
      • ifconfig 10.1.11.2 255.255.255.0;

      This has the desired effect of starting each profile on its own subnet (after specifying subnets in the OVPN profiles also : IPV4 Tunnel Network : 10.1.10.0/24 & 10.1.11.0/24)

      I know the servers on NordVPN's side are still expecting data on 10.100.0.1, so how do I map the individual subnet to each server?
      I've tried specifying "route-gateway 10.1.10.1" but no luck.

      Hopefully one of you gurus can provide some direction/solutions on what the best way to do this is?
      Maybe I don't even need multiple subnets?
      I have seen posts make reference to users having done this successfully, but no-one seems to have posted their solution unfortunately.
      Thx!

        Gertjan @MadMaxster

        @MadMaxster

        Sorry, not an answer, just a suggestion.
        Read this. At first, you'll say : this is not related to my question. But read until the end, and do your own tests.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          The Party of Hell No @MadMaxster

          @MadMaxster When I set up multiple clients using surfshark I copied the original client, edited the "Server host or address" of the new client, changed the description to reflect the new server, then proceeded to the interfaces to turn it on. The problem which comes around occasionally is that the interfaces, when they restart, end up with the same ip. I just restart one of them to correct.

            MadMaxster @Gertjan

            @Gertjan - Thanks for responding and the suggestion - it's a long thread so will take me some time to process!

              MadMaxster @The Party of Hell No

              @The-Party-of-Hell-No - thanks for your input
              This is what I have :
              [Image: 49f1e450-dc52-4847-b4ca-5e7f6948c230-image.png]
              Servers are set up but the problem is that both servers 'PUSH' the same ifconfig and route-gateway numbers, so they clash when both are on simultaneously.
              I can filter and redefine them to be on separate subnets but I don't get web as the server for each one is still on 10.100.0.1 and not on the subnets (10.1.10.1 and 10.1.11.1)

              Have you split your multiple simultaneous profile connections over separate subnets?

              I think I'm missing either a key openvpn client command I'm not aware of to redirect the gateway to be a specified ip, or another different way of doing this completely.
              Again - thanks for any advice or pointers you can give!

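An added diagnostic example (not code from any poster in this thread): it parses the PUSH_REPLY line quoted in the first post and checks, for two simultaneous profiles, whether the tunnel networks overlap and whether the pushed route-gateway lies inside the locally assigned subnet. The profile names and the `local_ifconfig` parameter are assumptions made for illustration; the script only reports the conflict and configures nothing.

```python
import ipaddress
import re

# PUSH_REPLY line quoted in the first post (identical for every profile).
PUSHED = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
          "dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,"
          "explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,"
          "topology subnet,ping 60,ping-restart 180,"
          "ifconfig 10.100.0.2 255.255.255.0,peer-id 8,cipher AES-256-CBC'")


def parse_push_reply(line):
    """Return {option: [argument strings]} for one PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY in line")
    opts = {}
    for item in m.group(1).split(","):
        name, _, args = item.strip().partition(" ")
        opts.setdefault(name, []).append(args)
    return opts


def tunnel(opts, local_ifconfig=None):
    """Effective (interface, gateway). local_ifconfig (hypothetical parameter)
    models 'pull-filter ignore ifconfig' plus a local 'ifconfig' override."""
    addr, mask = (local_ifconfig or opts["ifconfig"][0]).split()
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    gateway = ipaddress.ip_address(opts["route-gateway"][0])
    return iface, gateway


def check(profiles):
    """profiles: {name: (iface, gateway)} -> list of readable findings."""
    findings = []
    names = sorted(profiles)
    for i, a in enumerate(names):
        iface, gw = profiles[a]
        if gw not in iface.network:
            findings.append(f"{a}: gateway {gw} outside {iface.network}")
        for b in names[i + 1:]:
            if iface.network.overlaps(profiles[b][0].network):
                findings.append(f"{a}/{b}: both use {iface.network}")
    return findings


opts = parse_push_reply(PUSHED)
as_pushed = {"UK": tunnel(opts), "France": tunnel(opts)}          # nothing filtered
overridden = {"UK": tunnel(opts, "10.1.10.2 255.255.255.0"),      # thread's options
              "France": tunnel(opts, "10.1.11.2 255.255.255.0")}
```

`check(as_pushed)` reports the overlapping 10.100.0.0/24 network described in the last post; `check(overridden)` reports that 10.100.0.1 is no longer inside either local subnet.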
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.