Dynamic IP collision
-
Hi,
I have set up a VPN Client with pfSense 2.1.5 to VPNBook. It works so far. My LAN has the IPv4 network 10.10.0.0/24. After connection I see
-
Interface "VPN" IP (Virtual Address): 10.10.0.118: Dynamically in my IP Range
-
Gateway "VPN_GW" IP: 10.10.0.117: One lower
The problem is that this IP is changing on every DSL reconnect (daily) and seems to be random and sometimes collides with internally used IPs like 10.10.0.9 I had yesterday.
Is it intended that the IPs have to be in my local network?
Should I use another network (e.g. 10.10.8.0/24)? Unfortunately the setting "IPv4 Tunnel Network" is ignored. My other options are:
verb 5;auth-user-pass /etc/vpnbook.pass;persist-key;persist-tun;pull;route-nopull
Any idea?
Regards
-
-
If your ISP is fond of using those 10.whatever IPs, don't use them in your LAN and VPN
-
This is not my primary ISP, it is "only" an OpenVPN tunnel endpoint. I don't think it has to do with the actual network number, it looks like OpenVPN assigns itself an IP in my local network - except that it does so randomly, ignoring e.g. DHCP leases.
-
You should be assigning it a tunnel that is completely unused in your network.
Example…. In the openvpn tunnel settings:
If your LAN is on 10.5.34.0/24
Put your openvpn tunnel setting as 10.5.35.0/24
This way there is no possibility of a problem on your end at least.
If you have a few clients that are using an ISP that is assigning inconvenient IPs for you in the 10.5.35.0/24 range, then set up a second OpenVPN instance on your pfSense just for them on a different port.
Make that one tunnel on 172.16.59.0/24 or 192.127.93.0/24 or something.
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
I have one VPN from openvpnas that has for years been using the 5.5.x.x IP space with no problems but that's not technically good to do.
-
That is what I tried. I configured
IPv4 Tunnel Network: 10.10.9.0/24
The generated /var/etc/openvpn/client1.conf is
dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local X.X.X.X
engine cryptodev
tls-client
client
lport 50111
management /var/etc/openvpn/client1.sock unix
remote us1.vpnbook.com 25000
ifconfig 10.10.9.2 10.10.9.1
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
comp-lzo
resolv-retry infinite
verb 5
auth-user-pass /etc/vpnbook.pass
persist-key
persist-tun
pull
route-nopull
But the interface looks like this:
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::290:7fff:fe3e:31a1%ovpnc1 prefixlen 64 scopeid 0xc
	inet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
	Opened by PID 67700
Either this is a bug, or I don't know how to configure it correctly.
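A check for the symptom shown in the post above, as an added example that is not part of the original thread: it compares the address the tunnel interface actually holds with the `ifconfig` line in the client config and with the LAN network. The function names are hypothetical and the sample input is trimmed from the config and interface output quoted above.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the config and interface output quoted in the thread.
CLIENT_CONF = """\
dev ovpnc1
remote us1.vpnbook.com 25000
ifconfig 10.10.9.2 10.10.9.1
pull
route-nopull
"""
IFCONFIG_OUT = """\
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::290:7fff:fe3e:31a1%ovpnc1 prefixlen 64 scopeid 0xc
\tinet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
"""
LAN = "10.10.0.0/24"  # LAN network stated in the first post


def configured_endpoints(conf):
    """Return (local, peer) from the 'ifconfig' directive, or None if absent."""
    m = re.search(r"^ifconfig\s+(\S+)\s+(\S+)", conf, re.M)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None


def live_endpoints(ifconfig_out):
    """Return (local, peer) from a point-to-point 'inet A --> B' line, or None."""
    m = re.search(r"^\s*inet\s+(\S+)\s+-+>\s+(\S+)", ifconfig_out, re.M)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None


def check_tunnel(conf, ifconfig_out, lan):
    """List findings: config/live mismatch and tunnel endpoints inside the LAN."""
    net = ipaddress.ip_network(lan)
    want, have = configured_endpoints(conf), live_endpoints(ifconfig_out)
    findings = []
    if have is None:
        return ["tunnel interface has no IPv4 address"]
    if want is not None and want != have:
        findings.append(f"configured {want[0]} -> {want[1]}, live {have[0]} -> {have[1]}")
    for role, addr in zip(("local", "peer"), have):
        if addr in net:
            findings.append(f"{role} tunnel address {addr} is inside LAN {net}")
    return findings


if __name__ == "__main__":
    for line in check_tunnel(CLIENT_CONF, IFCONFIG_OUT, LAN):
        print("WARN:", line)
```

Run after each reconnect against the real `/var/etc/openvpn/client1.conf` and the output of `ifconfig ovpnc1`, it flags a tunnel address that landed inside the LAN before a host on the LAN is affected.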
-
Probably need a screen shot of your entire openvpn config and also info about the client. What OS is the client?
-
pfSense is the client, VPNBook is the tunnel ISP.
-
I think I'm not going to be a lot of help for you.
-
Thanks anyway!