Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How is OpenVPN gateway address determined?

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 442 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcarson75
      last edited by

      I have four separate OpenVPN client instances running, each with their own interface. All are site-to-site clients connecting to pfSense boxes at various locations on the opposite sides. All are running pfsense 2.4.4-p3.

      Each client has a separate tunnel network.

      Client 1: Tunnel network 10.0.0.0/24, local IP 10.0.0.2, remote IP 10.0.0.1, Gateway is 10.0.0.2
      Client 2: Tunnel network 10.0.16.0/24, local IP 10.0.16.12, remote IP 10.0.16.1, Gateway is 10.0.16.1
      Client 3: Tunnel network 10.0.21.0/24, local IP 10.0.21.5, remote IP 10.0.21.1, Gateway is 10.0.21.1
      Client 4: Tunnel network 10.0.6.0/24, local IP 10.0.6.2, remote IP 10.0.6.1, Gateway is 10.0.6.1

      I am trying to determine why Client 1's gateway is the local side instead of the remote side? For gateway monitoring, it should be around 250 ms ping (from Asia to USA) but instead I'm seeing 1 ms or less because it is pinging the local side. To mitigate it I set the monitor IP to a public DNS server, but I'd rather leave it at default and have it ping the far side of the tunnel.

      If I go into the individual gateway settings all of the gateway IPs are set to "dynamic".

      Where can I start looking to figure out why this one tunnel is acting differently?

      1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate
        last edited by

        Please show System / Routing / Gateways

        M 1 Reply Last reply Reply Quote 0
        • M
          mcarson75 @viktor_g
          last edited by

          @viktor_g Here it is with some of the names redacted.

          a16d73d2-ab19-4554-b15d-077947174fce-image.png

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.