Newbie multi VPN clients - gateway setup - am I doing something wrong?

    • I have set up 3x ExpressVPN clients

    • I set 2 as Tier 1 and 1 as Tier 2 in the gateway group

    • all traffic goes via the VPNGW group in Firewall Rules

    • all of them connect (although they show offline due to 50% packet loss, according to dpinger)

    • for monitoring I am using the first 3 OpenDNS addresses for each VPN

    • for general setup / DNS, I am using an OpenDNS entry for each of the VPNs and the local provider DNS for WAN in fourth position.

    If I traceroute 8.8.8.8 (not in my DNS list), it goes via VPN2.
    If I traceroute google.com, it goes via the DNS1-linked interface.

    If I traceroute google.com from the Windows client, it gets request timeouts from the VPN provider after the gateway connection.
    If I traceroute google.com from the Ubuntu client, it gets through with no issues or loss.
    If I traceroute google.com with "-I" from the Ubuntu client, it gets request timeouts from the VPN provider after the gateway connection.

    In summary,

    • I guess that means the VPN provider is not passing ICMP requests, right?
    • dpinger therefore falsely reports loss because it is using ICMP?

    This means I won't be able to use my VPN provider in a failover config, right?
    As I can maintain all three connections, do I need to monitor at all if I am set up as load balancing instead?

    cheers
    Steve



  • OK, there is something else wrong... reduced down to one VPN.

    pfSense VPN        10.0.10.22
    VPN host           10.0.10.21
    VPN gateway        10.0.10.1

    dpinger from the box:
    dpinger -f -B 127.0.0.1 8.8.4.4   - no packet loss

    dpinger -f -B 10.0.10.22 8.8.4.4  - packet loss after the 3rd ping.

    What am I missing?
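Putting the experiments from both posts (traceroute with and without -I, dpinger bound to the tunnel address) into one repeatable check, as an added example that is not part of the original thread: the script pings, UDP-traceroutes and TCP-traceroutes the same target from the same source address, then classifies what an ICMP-only monitor such as dpinger is actually measuring on that path. It assumes a Linux host with iputils ping and the traceroute package (the Ubuntu client in the thread); on the pfSense box itself ping binds its source address with -S rather than -I, and the TCP trace needs root. The script name vpnprobe.sh, the verdict labels and the sample ping output in the comments are mine, not from the thread.

```shell
#!/usr/bin/env bash
# Added diagnostic (not from the original thread). Probes one target IP through one
# source address with three protocols and reports whether the loss an ICMP-only monitor
# sees is real. Assumes Linux iputils ping and traceroute; on pfSense/FreeBSD, ping
# binds the source address with -S instead of -I.
set -u

# Pull the loss percentage out of a ping summary line. Handles iputils
# ("10 packets transmitted, 5 received, 50% packet loss, time 9010ms") and BSD
# ("10 packets transmitted, 10 packets received, 0.0% packet loss"). No summary
# line at all (unknown host, ping killed early) is counted as 100% loss.
ping_loss_pct() {
    local pct
    pct=$(printf '%s\n' "$1" | sed -n 's/.*, \([0-9.]*\)% packet loss.*/\1/p' | tail -n 1)
    printf '%s\n' "${pct:-100}"
}

# ICMP echo: the same probe dpinger and "traceroute -I" use. $1 source address, $2 target IP.
probe_icmp() {
    local out
    out=$(ping -n -c 10 -i 0.5 -I "$1" "$2" 2>&1) || true
    ping_loss_pct "$out"
}

# traceroute with -s to bind the source; succeeds only if the final hop line names the
# target, i.e. the destination itself answered instead of the trace ending in "*".
# $1 extra flags: "" for UDP (the Linux default), "-T -p 443" for TCP SYN (needs root);
# $2 source address; $3 target IP (must be an IP, since -n prints hops numerically).
trace_reaches() {
    # $1 is deliberately unquoted so that "-T -p 443" splits into separate flags
    traceroute -n -q 1 -w 2 $1 -s "$2" "$3" 2>/dev/null | tail -n 1 | grep -q "$3"
}

# Classify the path. $1 ICMP loss %, $2 UDP reached target (1/0), $3 TCP reached target (1/0).
#   icmp-ok        echo replies return; any monitor loss has another cause (MTU, routing)
#   path-down      nothing returns; the tunnel itself is broken and the monitor is right
#   icmp-filtered  data flows but no echo reply ever returns; the monitor measures a filter
#   icmp-partial   data flows, echo replies are dropped some of the time (ICMP rate limiting)
verdict() {
    local icmp_loss=${1%.*} udp_ok=$2 tcp_ok=$3
    if [ "$icmp_loss" -eq 0 ]; then
        echo icmp-ok
    elif [ "$udp_ok" -eq 0 ] && [ "$tcp_ok" -eq 0 ]; then
        echo path-down
    elif [ "$icmp_loss" -ge 100 ]; then
        echo icmp-filtered
    else
        echo icmp-partial
    fi
}

main() {
    local src=$1 target=$2 loss udp tcp
    loss=$(probe_icmp "$src" "$target")
    if trace_reaches "" "$src" "$target"; then udp=1; else udp=0; fi
    if trace_reaches "-T -p 443" "$src" "$target"; then tcp=1; else tcp=0; fi
    printf 'icmp loss %s%%, udp reaches %s, tcp/443 reaches %s -> %s\n' \
        "$loss" "$udp" "$tcp" "$(verdict "$loss" "$udp" "$tcp")"
}

# Usage: vpnprobe.sh <source address> <target IP>, e.g. the tunnel address and monitor
# target from the second post:  vpnprobe.sh 10.0.10.22 8.8.4.4
if [ $# -ge 2 ]; then
    main "$@"
fi
```

A verdict of icmp-filtered or icmp-partial means the loss the monitor reports belongs to the monitor target or the path's ICMP handling, not to the tunnel carrying the traffic; in that situation the usual pfSense remedies are to point the gateway's Monitor IP at an address that does answer echo requests through that tunnel, or to disable monitoring for that gateway. path-down means the monitor is telling the truth and the tunnel itself needs attention.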