Multiple OpenVPN connections: All have the same Virtual Address
-
I have two OpenVPN clients set up, and firewall rules set to divert connections from specific clients down specific VPNs, but all clients with a rule end up being diverted down just one of the VPNs.
I think this is because both my VPNs have the same Virtual Address, when I look in Status > OpenVPN, they both have the virtual address 10.8.0.2.
I'm assuming this isn't normal - how can I get them to have different addresses?
I've tried specifying a different "IPv4 Tunnel Network" in the settings for the client, but this setting was ignored and it still used 10.8.0.2 anyway.
If I just connect one VPN at a time, that one works fine.
I'm running 2.3.3-RELEASE-p1 (amd64) on a PC Engines apu2.
-
I am having the same issue.
I have two OpenVPN clients configured with firewall rules set to route connections from specific clients and domain names through specific VPN clients.
I recently added a third OpenVPN client and created firewall rules to route certain traffic to this tunnel.
It works most of the time.
Sometimes though, the second and third OpenVPN clients have the same Virtual Address. This causes my selective routing firewall rules to not work.
To fix, I have to bounce either the second or third OpenVPN client until it gets a unique Virtual IP Address e.g. 10.8.0.1.
My provider is TorGuard. I don't have this issue on my ASUS Router running Asuswrt Merlin. So, does this make it point to pfSense rather than the VPN provider?
How can two OpenVPN clients get the same Virtual Address? How to prevent?
If I just have two OpenVPN clients running at a time, everything works fine. Adding the third OpenVPN client causes the issue.
I can't seem to find an option in the OpenVPN 2.4 manual to help with this issue.
-
If all clients share the same certificate, then you need to enable
"Duplicate Connection: Allow multiple concurrent connections from clients using the same Common Name."
in the OpenVPN server config.
-
I went back and looked at the VPN provider's specs (changed recently for OpenVPN 2.4). I changed the port on each client configuration and the encryption assigned to that port number. From the specs table, this should ensure that each client gets a virtual IP address that is on a different subnet. Snip below:
| Port | Protocol | Subnet | DNS | Data Encryption | Data Authentication (for signing packets) | TLS Handshake | Diffie-Hellman (session key) |
|---|---|---|---|---|---|---|---|
| 443 | UDP | 10.9.x.x | 10.9.0.1 | cipher BF-CBC* cipher AES-128-GCM:AES-256-GCM:AES-256-CBC** | HMAC-SHA1 | 2048 bit RSA | 2048 bit |
| 443 | TCP | 10.8.x.x | 10.8.0.1 | cipher BF-CBC* cipher AES-128-GCM:AES-256-GCM:AES-256-CBC** | HMAC-SHA1 | 2048 bit RSA | 2048 bit |
| 80 | UDP | 10.22.x.x | 10.22.0.1 | cipher AES-128-CBC* cipher AES-128-GCM:AES-256-GCM:AES-256-CBC:BF-CBC** | | | |
-
I'm having the same scenario. 2 TorGuard VPN clients, and they end up with the same virtual IP addresses, and traffic through the VPN stops.
A restart of pfSense would previously resolve the issue by assigning different virtual IPs, but over the last week or so both connections get the same.
Any ideas on how to stop this from happening?