pfSense not monitoring right ip with multi client openVPN connections
-
Hi All,
My VPN provider (Surfshark) allows me multiple VPN connections to their VPN servers and I have set a few of these up and they are working. From what I can see, each of their servers has a gateway IP of 10.8.8.1 and hands out an IP in the range 10.8.8.3 - 10.8.8.254 to each of the clients connecting (such as me).
I am trying to monitor the ping time to each VPN gateway, but the pfSense Dashboard widget seems to want to use my VPN client IP rather than the gateway. This gives an unhelpful metric of how good the connection is. If I manually enter the monitor IP as 10.8.8.1 it works fine and I get a much more appropriate answer, but I cannot use this value on more than one gateway. pfSense does not allow it.
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 XXXX:XXXX:XXXX:XXXX%ovpnc4 prefixlen 64 scopeid 0x10
    inet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: tun openvpn
    Opened by PID 32871
ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 XXXX:XXXX:XXXX:XXXX%ovpnc5 prefixlen 64 scopeid 0x11
    inet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: tun openvpn
    Opened by PID 46532
ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 XXXX:XXXX:XXXX:XXXX%ovpnc6 prefixlen 64 scopeid 0x12
    inet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: tun openvpn
    Opened by PID 72460
Does anyone have a good idea of how to get pfSense to monitor the real gateway IP and not my local IP?
Thanks in advance,
Jonathan
-
Well, by design pfSense's dpinger and the related BSD routing table updates won't let you use the same IP address. A routing table entry for a specific IP is just that: it allows an exit on a specific interface. If you connect to your VPN provider through different servers, a new gateway is created for each connection. Also, if your provider happens to give you the same IP for two or more connections, it might be a game-over conflict for connectivity tests and maybe gateway status. The solution to your problem is not to monitor the VPN gateway IP, which is the same on every server except the first connection, but to choose a well-known IP, e.g. 1.1.1.1 or 8.8.8.8, as the monitor IP for each VPN gateway. If you need to compare VPN connections, it will not be a stable basis for comparison, as the external IP will have longer ping times by a 25% margin approx. I understand your concern from a paranoid security point of view, as pinging a VPN gateway does not leave any traceable exposure on VPN exits for your pings, where advanced adversaries might interfere.
The limit of monitoring the connection status with a single IP is something a new advanced plugin, under development for the time being, tries to tackle. Until then, try to differentiate your monitor IPs for each gateway manually.
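As an added illustration (not code from the thread or from pfSense), the script below parses ifconfig output like the one posted above, shows that every ovpnc interface shares the same peer address, which is exactly why a single monitor IP cannot be reused across gateways, and then hands each gateway a distinct monitor IP as the reply recommends. The candidate list and the `assign_monitor_ips` helper are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the three tun interfaces from the post above, reduced to
# the lines that matter, in the layout ifconfig(8) prints on pfSense/FreeBSD.
IFCONFIG_OUTPUT = """\
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
\tgroups: tun openvpn
ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
\tgroups: tun openvpn
ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
\tgroups: tun openvpn
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
PTP_RE = re.compile(r"^\s+inet (\S+) --> (\S+) netmask")

def parse_ptp_interfaces(text):
    """Return {iface: (local_ip, peer_ip)} for point-to-point (tun) interfaces."""
    result = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)  # start of a new interface block
            continue
        m = PTP_RE.match(line)
        if m and current:
            result[current] = (m.group(1), m.group(2))
    return result

def shared_peers(ifaces):
    """Map each peer IP to the interfaces using it. More than one interface per
    peer means dpinger cannot use that address as the monitor IP on all of them:
    the host route for it can only point out one interface."""
    by_peer = defaultdict(list)
    for iface, (_, peer) in sorted(ifaces.items()):
        by_peer[peer].append(iface)
    return {peer: names for peer, names in by_peer.items() if len(names) > 1}

def assign_monitor_ips(ifaces, candidates):
    """Assumed helper: give each gateway its own monitor IP from a candidate
    list (well-known public resolvers, as the reply suggests)."""
    if len(candidates) < len(ifaces):
        raise ValueError("not enough distinct monitor IPs for all gateways")
    return {iface: ip for iface, ip in zip(sorted(ifaces), candidates)}
```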