Netgate Discussion Forum

    2 Openvpn clients, one causes internet connection lost on just one device

    • bthoven

      I've set up two vpnunlimited OpenVPN clients on my pfSense (detailed config is in this thread: https://forum.netgate.com/topic/148010/dedicated-vlan-vap-for-openvpn-client-no-net-for-main-network ). One of the two VPN connections causes my media box, whether wired or wireless, to lose its internet connection. The media box is connected to my LAN network. There are many devices on the same network, but only the media box has the lost-internet problem. As soon as I disconnect my VPN client, the internet connection comes back. While it has lost the connection, it still has "online" status shown in pfSense (Status-->DHCP leases). Both VPN client connections are working fine all the time; they were set up similarly, except for using different remote servers and certificates.
      I need any suggestions as to what might be the cause of this strange problem.

      • bthoven

        Update: it seems the gateway monitoring with 8.8.8.8 and 8.8.4.4 at System-->Routing-->Gateway for my OpenVPN clients will block internet access to my device, which has its DNS server set to 8.8.8.8/8.8.4.4. I disabled gateway monitoring and the problem was solved.

        I've not tested the alternative solution of keeping the gateway monitoring on but not specifying the DNS server as 8.8.8.8/8.8.4.4 on my device.

        • JKnott @bthoven

          @bthoven said in 2 Openvpn clients, one causes internet connection lost on just one device:

          I've not tested the alternative solution of keeping the gateway monitoring on but not specifying the DNS server as 8.8.8.8/8.8.4.4 on my device.

          I use my ISP's gateway address. However, there are plenty of other addresses you can use for gateway monitoring.

          Regardless, I have no idea why using Google DNS would cause your problem.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • bthoven @JKnott

            @JKnott Thanks. I'm surprised myself that this can cause the problem. Are there any negative consequences if I do not monitor the gateway?

            • bthoven @bthoven

              @bthoven I tried using the DNS IPs obtained from my ISP for the gateway monitoring. DNS resolution was then so slow for all my devices. I had to disable gateway monitoring again. Strange.

              • JKnott @bthoven

                @bthoven
                Why not just use the gateway address? All you need is an address that will always be there. Is there some reason you need to use some DNS address? Also, you don't need to monitor the gateway. All the monitoring does is tell you if the connection is working or not. You only need it if you want some action to happen when the connection drops. I have monitoring disabled on my system.

                  • bthoven @JKnott

                  @JKnott said in 2 Openvpn clients, one causes internet connection lost on just one device:

                  @bthoven
                  Why not just use the gateway address? All you need is an address that will always be there. Is there some reason you need to use some DNS address? Also, you don't need to monitor the gateway. All the monitoring does is tell you if the connection is working or not. You only need it if you want some action to happen when the connection drops. I have monitoring disabled on my system.

                  When you say gateway address, do you mean, for me, 192.168.2.1? I don't have a particular reason to monitor the gateway. I just followed the OpenVPN client setup sample guide.
                  Anyway, as you suggested, I've just disabled the gateway monitoring. Thanks a lot.

                    • JKnott @bthoven

                    @bthoven said in 2 Openvpn clients, one causes internet connection lost on just one device:

                    when you say gateway address, you mean, for me, 192.168.2.1?

                    No, I mean the ISP's gateway address. However, since you've disabled monitoring, that's irrelevant.

                    Also, I hope that is not the ISP's gateway, as it would mean you're behind NAT and it would be impossible for you to have the VPN server end.

                      • bthoven

                      No. I got a public IP from my ISP.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.