pfSense not monitoring right ip with multi client openVPN connections
-
Hi All,
I did post this in the Routing area but got no response so I thought I would post here...
My VPN provider (Surfshark) allows me multiple VPN connections to their VPN servers and I have set a few of these up and they are working. From what I can see, each of their servers has a gateway ip of 10.8.8.1 and hands out an ip in the range 10.8.8.3 - 10.8.8.254 for each of the clients connecting (such as me).
I am trying to monitor the ping time to each VPN gateway but the pfSense Dashboard widget seems to want to use my VPN client ip rather than the gateway. This gives an unhelpful metric of how good the connection is. If I manually enter the monitor ip as (10.8.8.1) it works fine and I get a much more appropriate answer, but I cannot use this value on more than 1 gateway. pfSense does not allow it.
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 XXXX:XXXX:XXXX:XXXX%ovpnc4 prefixlen 64 scopeid 0x10
        inet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
        Opened by PID 32871
ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 XXXX:XXXX:XXXX:XXXX%ovpnc5 prefixlen 64 scopeid 0x11
        inet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
        Opened by PID 46532
ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 XXXX:XXXX:XXXX:XXXX%ovpnc6 prefixlen 64 scopeid 0x12
        inet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
        Opened by PID 72460
Does anyone have a good idea of how to get pfSense to monitor the real gateway ip and not my local ip?
Thanks in advance,
Jonathan
-
Monitor a public IP which responds to pings, like 8.8.8.8, etc. By monitoring a host on the Internet instead of the gateway, you get a more appropriate view of your upstream connection anyway.
However, you will have to add different monitoring IPs to each gateway.
-
Thanks for the response.
The problem with that is I would preferably like to measure the ping response from each VPN gateway or, if that's not possible, measure the ping from the same server. Otherwise the results are meaningless.
Why does openVPN not measure the response from the server rather than my client?
-
Compare your ipv4 to the public ip shown here once you are connected to your client. They should be the same.
-
@jonathan-young said in pfSense not monitoring right ip with multi client openVPN connections:
Why does openVPN not measure the response from the server rather than my client?
Huh? OpenVPN does not measure anything and only monitors the server it is connected against (with its public IP) so it knows if the tunnel peer is down/unavailable.
It's simply a problem with overlapping IP ranges. You use multiple VPN connections with the same transit network. That always results in routing mixups. It's simple routing 101, you can't correctly route the same network twice.
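The overlap described in the last reply can be checked mechanically from the interface listing. The following is an added example, not part of any post in the thread: it parses `ifconfig`-style output for point-to-point tunnels and reports which ones share a peer address or transit network. The three `ovpnc4`-`ovpnc6` entries reuse the addresses from the first post; `ovpnc9` and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Addresses for ovpnc4-6 come from the first post (other lines omitted);
# ovpnc9 is a constructed, non-overlapping tunnel added for contrast.
SAMPLE = """\
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
ovpnc9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.9.9.2 --> 10.9.9.1 netmask 0xffffff00
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) --> (\S+) netmask (0x[0-9a-fA-F]{8})")

def parse_tunnels(text):
    """Return one dict per point-to-point IPv4 address found in the listing."""
    tunnels, iface = [], None
    for line in text.splitlines():
        if (m := IFACE_RE.match(line)):
            iface = m.group(1)
        elif iface and (m := INET_RE.match(line)):
            local, peer, mask = m.groups()
            netmask = ipaddress.IPv4Address(int(mask, 16))  # 0xffffff00 -> 255.255.255.0
            net = ipaddress.ip_network(f"{local}/{netmask}", strict=False)
            tunnels.append({"iface": iface, "local": local, "peer": peer, "net": net})
    return tunnels

def find_conflicts(tunnels):
    """Return (peers used by several tunnels, pairs of tunnels with overlapping networks)."""
    by_peer = defaultdict(list)
    for t in tunnels:
        by_peer[t["peer"]].append(t["iface"])
    shared = {peer: ifs for peer, ifs in by_peer.items() if len(ifs) > 1}
    overlaps = [(a["iface"], b["iface"])
                for i, a in enumerate(tunnels) for b in tunnels[i + 1:]
                if a["net"].overlaps(b["net"])]
    return shared, overlaps

if __name__ == "__main__":
    shared, overlaps = find_conflicts(parse_tunnels(SAMPLE))
    for peer, ifs in shared.items():
        print(f"peer {peer} is reachable via {', '.join(ifs)}: a probe to it is ambiguous")
    for a, b in overlaps:
        print(f"{a} and {b} use the same transit network")
```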