Netgate Discussion Forum

    Dynamic IP collision

      dkrizic

      Hi,

      I have set up a VPN Client with pfSense 2.1.5 to VPNBook. It works so far. My LAN has the IPv4 network 10.10.0.0/24. After connection I see

      • Interface "VPN" IP (Virtual Address): 10.10.0.118: Dynamically in my IP Range

      • Gateway "VPN_GW" IP: 10.10.0.117: One lower

      The problem is that this IP changes on every DSL reconnect (daily), seems to be random, and sometimes collides with internally used IPs, like 10.10.0.9, which I had yesterday.

      Is it intended that the IPs have to be in my local network?
      Should I use another network (e.g. 10.10.8.0/24)? Unfortunately the setting "IPv4 Tunnel Network" is ignored. My other options are:

      verb 5;auth-user-pass /etc/vpnbook.pass;persist-key;persist-tun;pull;route-nopull

      Any idea?

      Regards

        kejianshi

        If your ISP is fond of using those 10.whatever IPs, don't use them in your LAN and VPN.

          dkrizic

          This is not my primary ISP, it is "only" an OpenVPN tunnel endpoint. I don't think it has to do with the actual network number; it looks like OpenVPN assigns itself an IP in my local network, except that it does so randomly, ignoring e.g. DHCP leases.

            kejianshi

            You should be assigning it a tunnel that is completely unused in your network.

            Example: in the OpenVPN tunnel settings:

            If your LAN is on 10.5.34.0/24

            Put your openvpn tunnel setting as 10.5.35.0/24

            This way there is no possibility of a problem on your end at least.

            If you have a few clients that are using an ISP that is assigning inconvenient IPs for you in the 10.5.35.0/24 range, then set up a second OpenVPN instance on your pfSense just for them on a different port.

            Make that one tunnel on 172.16.59.0/24 or 192.127.93.0/24 or something.

            172.16.0.0/12 IP addresses: 172.16.0.0 - 172.31.255.255
            192.168.0.0/16 IP addresses: 192.168.0.0 - 192.168.255.255

            I have one VPN from openvpnas that has for years been using the 5.5.x.x IP space with no problems but that's not technically good to do.

              dkrizic

              That is what I tried. I configured

              IPv4 Tunnel Network: 10.10.9.0/24

              The generated /var/etc/openvpn/client1.conf is

              dev ovpnc1
              dev-type tun
              tun-ipv6
              dev-node /dev/tun1
              writepid /var/run/openvpn_client1.pid
              #user nobody
              #group nobody
              script-security 3
              daemon
              keepalive 10 60
              ping-timer-rem
              persist-tun
              persist-key
              proto udp
              cipher AES-128-CBC
              up /usr/local/sbin/ovpn-linkup
              down /usr/local/sbin/ovpn-linkdown
              local X.X.X.X
              engine cryptodev
              tls-client
              client
              lport 50111
              management /var/etc/openvpn/client1.sock unix
              remote us1.vpnbook.com 25000
              ifconfig 10.10.9.2 10.10.9.1
              ca /var/etc/openvpn/client1.ca
              cert /var/etc/openvpn/client1.cert
              key /var/etc/openvpn/client1.key
              comp-lzo
              resolv-retry infinite
              verb 5
              auth-user-pass /etc/vpnbook.pass
              persist-key
              persist-tun
              pull
              route-nopull

              But the interface looks like this:

              ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>
              inet6 fe80::290:7fff:fe3e:31a1%ovpnc1 prefixlen 64 scopeid 0xc
              inet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
              nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
              Opened by PID 67700

              Either this is a bug, or I don't know how to configure it correctly.

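A collision check for the situation in the post above, as an added example that is not part of the original thread: it compares the `ifconfig` line in the generated client config with the addresses actually on the tunnel interface and flags endpoints that fall inside the LAN. The sample text is constructed from the values quoted in the post; the function names and the LAN host list are assumptions.

```python
import ipaddress
import re

# Constructed sample input, using the values quoted in the post above.
CLIENT_CONF = """\
dev ovpnc1
ifconfig 10.10.9.2 10.10.9.1
pull
route-nopull
"""
IFCONFIG_OUT = """\
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
"""

def configured_endpoints(conf):
    """Return (local, peer) from the config's 'ifconfig' directive, or None."""
    m = re.search(r"^ifconfig\s+(\S+)\s+(\S+)", conf, re.M)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None

def live_endpoints(ifconfig_out):
    """Return (local, peer) from a point-to-point 'inet A --> B' line, or None."""
    m = re.search(r"inet\s+(\S+)\s+-->\s+(\S+)", ifconfig_out)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None

def audit(conf, ifconfig_out, lan_cidr, lan_hosts=()):
    """List findings: overridden tunnel addresses and overlaps with the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    used = {ipaddress.ip_address(h) for h in lan_hosts}
    want, have = configured_endpoints(conf), live_endpoints(ifconfig_out)
    if have is None:
        return ["no point-to-point address on the interface"]
    findings = []
    if want and want != have:
        findings.append(f"configured {want[0]} -> {want[1]} but interface has "
                        f"{have[0]} -> {have[1]}")
    for addr in have:
        if addr in used:
            findings.append(f"{addr} is already used by a LAN host")
        elif addr in lan:
            findings.append(f"{addr} lies inside LAN {lan}")
    return findings

if __name__ == "__main__":
    # LAN 10.10.0.0/24 and host 10.10.0.9 are the values from the first post.
    for line in audit(CLIENT_CONF, IFCONFIG_OUT, "10.10.0.0/24", ["10.10.0.9"]):
        print("WARNING:", line)
```

With `pull` in the config, the client accepts options pushed by the server, and those can include the tunnel addresses; `route-nopull` only keeps pushed routes from being installed.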
                kejianshi

                Probably need a screen shot of your entire openvpn config and also info about the client.  What OS is the client?

                  dkrizic

                  pfSense is the client, VPNBook is the tunnel ISP.

                    kejianshi

                    I think I'm not going to be a lot of help for you.

                      dkrizic

                      Thanks anyway!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.