2 Openvpn clients, one causes internet connection lost on just one device



  • I've set up two vpnunlimited OpenVPN clients on my pfSense (detailed config is in this thread: https://forum.netgate.com/topic/148010/dedicated-vlan-vap-for-openvpn-client-no-net-for-main-network ). One of the two VPN connections causes my media box, whether wired or wireless, to lose its internet connection. The media box is connected to my LAN network. There are many devices on the same network, but only the media box has the internet loss problem. As soon as I disconnect my VPN client, the internet connection comes back. While it has lost the connection, it still has "online" status shown in pfSense (Status-->DHCP leases). Both VPN client connections are working fine all the time; they were set up similarly, except for using different remote servers and certificates.
    I would appreciate any suggestions as to what might be the cause of this strange problem.



  • Update: it seems the gateway monitoring with 8.8.8.8 and 8.8.4.4 at System-->Routing-->Gateway for my OpenVPN clients will block internet access for my device, which has its DNS servers set to 8.8.8.8/8.8.4.4. I disabled gateway monitoring and the problem was solved.

    I've not tested the alternative solution of keeping the gateway monitoring on but not specifying the DNS server as 8.8.8.8/8.8.4.4 on my device.



  • @bthoven said in 2 Openvpn clients, one causes internet connection lost on just one device:

    I've not tested the alternative solution of keeping the gateway monitoring on but not specifying the DNS server as 8.8.8.8/8.8.4.4 on my device.

    I use my ISP's gateway address. However, there are plenty of other addresses you can use for gateway monitoring.

    Regardless, I have no idea why using Google DNS would cause your problem.



  • @JKnott Thanks. I'm surprised myself that this can cause the problem. Are there any negative consequences if I do not monitor the gateway?



  • @bthoven I tried using the DNS IPs obtained from my ISP for the gateway monitoring. DNS resolution was then so slow for all my devices. I had to disable gateway monitoring again. Strange.



  • @bthoven
    Why not just use the gateway address? All you need is an address that will always be there. Is there some reason you need to use some DNS address? Also, you don't need to monitor the gateway. All the monitoring does is tell you if the connection is working or not. You only need it if you want some action to happen when the connection drops. I have monitoring disabled on my system.



  • @JKnott said in 2 Openvpn clients, one causes internet connection lost on just one device:

    @bthoven
    Why not just use the gateway address? All you need is an address that will always be there. Is there some reason you need to use some DNS address? Also, you don't need to monitor the gateway. All the monitoring does is tell you if the connection is working or not. You only need it if you want some action to happen when the connection drops. I have monitoring disabled on my system.

    When you say gateway address, you mean, for me, 192.168.2.1? I don't have a particular reason to monitor the gateway. I just followed the OpenVPN client setup sample guide.
    Anyway, as you suggested, I have just disabled the gateway monitoring. Thanks a lot.



  • @bthoven said in 2 Openvpn clients, one causes internet connection lost on just one device:

    When you say gateway address, you mean, for me, 192.168.2.1?

    No, I mean the ISP's gateway address. However, since you've disabled monitoring, that's irrelevant.

    Also, I hope that is not the ISP's gateway, as it would mean you're behind NAT and it would be impossible for you to have the VPN server end.



  • No. I got a public IP from my ISP.

