Privacy VPNs getting the same virtual IP-address
-
There is one annoyance if you have more than one Client to a privacy VPN in pfSense. There often is the chance that two or more Clients get the same virtual/tunnel IP-address (and gateway) from those VPN Providers and there is nothing one could do about that.
What makes things worse is that Gateway Monitoring still works for those clients (status:online), so for me it seems to be only a routing problem.
Thankfully pfSense is not routing traffic through the wrong gateway.
But with policy based routing with a gateway defined by its name in a rule, it could technically still be routed the correct way?
Anyways, what could be done to solve this problem for those few home users using these types of VPN-services? Those services mostly allow only some small number of concurrent connections, so they won't have any intent to fix it on their side, I guess.
-
No easy solution I'm aware of. None of the NAT options in OpenVPN apply to the tunnel subnet itself.
You can often set a different server and get a different tunnel subnet.
Some providers offer Wireguard or IPSec servers which might be an option.
-
Maybe someone has a watchdog script or something?
I get it that this is not a typical problem for a "firewall".
-
A script to reconnect if it gets a conflicting tunnel subnet?
-
@stephenw10 said in Privacy VPNs getting the same virtual IP-address:
A script to reconnect if it gets a conflicting tunnel subnet?
Yeah, you got one?
-
Nope.
I am discovering it's a problem that's almost impossible to Google for though...
-
NordVPN seem to use the same configs for all the VPN servers, I set up 3 (in different regions) to play with gateway groups and noticed quite often some of the addresses handed out to clients only vary by the last octet.
-
@nogbadthebad Only the last octet is changing and mostly it is just 1-9 for me.
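-
The watchdog asked about in this thread could look like the sketch below. It is an added example, not a script from any poster or from pfSense. It assumes the client interfaces are named ovpnc<ID>, that ifconfig prints the tunnel as "inet <local> --> <gateway>", and that `pfSsh.php playback svc restart openvpn client <ID>` is available; the VPN_WATCHDOG_RUN variable and the sample data are made up for the example.

```shell
#!/bin/sh
# Added example: restart OpenVPN clients whose tunnel address or gateway
# clashes with another client's.

# Read ifconfig output on stdin; print every ovpnc interface whose tunnel
# address or tunnel gateway is already used by an earlier ovpnc interface.
find_conflicts() {
    awk '
        /^ovpnc[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname); next }
        /^[A-Za-z]/     { ifname = ""; next }   # header of any other interface
        ifname != "" && $1 == "inet" && $3 == "-->" {
            if (($2 in addr) || ($4 in gw)) { print ifname }
            else { addr[$2] = ifname; gw[$4] = ifname }
        }'
}

# Constructed sample input (not captured from a real system).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.8.0.3 --> 10.8.0.1 netmask 0xffffff00
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.8.0.7 --> 10.8.0.1 netmask 0xffffff00
ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.9.1.4 --> 10.9.1.1 netmask 0xffffff00
EOF
}

# Restart each clashing client. The provider may hand out the same address
# again, so this is meant to be run repeatedly (for example from cron).
watchdog() {
    ifconfig | find_conflicts | while read -r ifname; do
        vpnid=${ifname#ovpnc}   # assumption: ovpnc<ID> maps to client <ID>
        logger -t vpn-watchdog "tunnel clash on $ifname, restarting client $vpnid"
        /usr/local/sbin/pfSsh.php playback svc restart openvpn client "$vpnid"
    done
}

# Only touch the system when explicitly asked to (hypothetical switch).
if [ "${VPN_WATCHDOG_RUN:-0}" = 1 ]; then
    watchdog
fi
```

`sample_ifconfig | find_conflicts` prints the interface that would be restarted for the sample data; setting VPN_WATCHDOG_RUN=1 makes the script act on the live ifconfig output.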