Netgate Discussion Forum

    pfSense not monitoring right ip with multi client openVPN connections

      jonathan.young

      Hi All,

      I did post this in the Routing area but got no response, so I thought I would post here...

      My VPN provider (Surfshark) allows me multiple VPN connections to their VPN servers and I have set a few of these up and they are working. From what I can see, each of their servers has a gateway ip of 10.8.8.1 and hands out an ip in the range 10.8.8.3 - 10.8.8.254 for each of the clients connecting (such as me).

      I am trying to monitor the ping time to each VPN gateway but the pfSense Dashboard widget seems to want to use my VPN client ip rather than the gateway. This gives an unhelpful metric of how good the connection is. If I manually enter the monitor ip as (10.8.8.1) it works fine and I get a much more appropriate answer, but I cannot use this value on more than 1 gateway. pfSense does not allow it.

      ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>
              inet6 XXXX:XXXX:XXXX:XXXX%ovpnc4 prefixlen 64 scopeid 0x10
              inet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
              groups: tun openvpn
              Opened by PID 32871
      ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>
              inet6 XXXX:XXXX:XXXX:XXXX%ovpnc5 prefixlen 64 scopeid 0x11
              inet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
              groups: tun openvpn
              Opened by PID 46532
      ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>
              inet6 XXXX:XXXX:XXXX:XXXX%ovpnc6 prefixlen 64 scopeid 0x12
              inet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
              groups: tun openvpn
              Opened by PID 72460
      

      Does anyone have a good idea of how to get pfSense to monitor the real gateway ip and not my local ip?

      Thanks in advance,

      Jonathan

        viragomann

        Monitor a public IP which responds to pings, like 8.8.8.8, etc. By monitoring a host on the Internet instead of the gateway, you get a more appropriate view of your upstream connection anyway.
        However, you will have to add different monitoring IPs to each gateway.

          jonathan.young

          Thanks for the response.

          The problem with that is I would preferably like to measure the ping response from each VPN gateway or, if that's not possible, measure the ping from the same server. Otherwise the results are meaningless.

          Why does openVPN not measure the response from the server rather than my client?

            shanemorrisman

            Compare your ipv4 to the public ip shown here once you are connected to your client. They should be the same.

              JeGr LAYER 8 Moderator

              @jonathan-young said in pfSense not monitoring right ip with multi client openVPN connections:

              Why does openVPN not measure the response from the server rather than my client?

              Huh? OpenVPN does not measure anything and only monitors the server it is connected against (with its public IP) so it knows if the tunnel peer is down/unavailable.

              It's simply a problem with overlapping IP ranges. You use multiple VPN connections with the same transit network. That always results in routing mix-ups. It's simple routing 101, you can't correctly route the same network twice.

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
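
The overlap described in the last reply can be checked directly from `ifconfig` output like that in the first post. The following is an added example, not part of the thread or of pfSense: the function names are hypothetical, and the sample input is constructed from the interface lines quoted above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the flags and inet lines from the ifconfig output in the thread.
SAMPLE = """\
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.3 --> 10.8.8.1 netmask 0xffffff00
ovpnc5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.47 --> 10.8.8.1 netmask 0xffffff00
ovpnc6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.8.17 --> 10.8.8.1 netmask 0xffffff00
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
# Matches IPv4 point-to-point lines only; "inet6 ..." lines do not match.
INET_RE = re.compile(r"^\s+inet (\S+) --> (\S+) netmask (0x[0-9a-fA-F]{8})")


def parse_tunnels(text):
    """Return [(iface, local_ip, peer_ip, network)] for point-to-point inet lines."""
    tunnels, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and iface:
            local, peer, mask_hex = m.groups()
            # FreeBSD prints the netmask as hex; convert it to dotted form.
            mask = ipaddress.IPv4Address(int(mask_hex, 16))
            net = ipaddress.ip_network(f"{local}/{mask}", strict=False)
            tunnels.append((iface, ipaddress.ip_address(local),
                            ipaddress.ip_address(peer), net))
    return tunnels


def find_conflicts(tunnels):
    """Return (peers shared by several tunnels, pairs of overlapping transit networks)."""
    by_peer = defaultdict(list)
    for iface, _local, peer, _net in tunnels:
        by_peer[str(peer)].append(iface)
    shared_peers = {p: i for p, i in by_peer.items() if len(i) > 1}
    overlaps = [(a[0], b[0]) for n, a in enumerate(tunnels)
                for b in tunnels[n + 1:] if a[3].overlaps(b[3])]
    return shared_peers, overlaps


if __name__ == "__main__":
    print(find_conflicts(parse_tunnels(SAMPLE)))
```

On the sample, all three tunnels report 10.8.8.1 as the far end and every pair shares 10.8.8.0/24, which is the condition the last reply describes.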

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.