Problem with Virtual Address

eduardoeller · Jun 29, 2022, 1:38 PM

I have a lab with 50 virtual machines, I would like each of them to have an output ip using the SurfShark service.
For that I did the configuration via OpenVPN Client, I created rules on the LAN so that each machine had its own gateway.
The problem occurs when the OpenVPN client receives the same virtual address.
I tried in several ways to solve this problem but I couldn't.
I keep restarting the openvpn client connection but it always gets the same ip.

Need help.

JKnott · Jun 29, 2022, 4:01 PM

@eduardoeller

You can't assign the same address to more than one device. Is the OpenVPN tunnel in the same subnet?

eduardoeller · Jun 29, 2022, 4:06 PM

@jknott I use SurfShark VPN, I don't know how to solve the virtual address problem

viragomann · Jun 29, 2022, 4:53 PM

@eduardoeller
So you have 50 Surfshark clients?

It's on the VPN server to assign a virtual IP to the client. There is nothing you can do on the client side the change it.

Contact Surfshark and tell them your problem.

eduardoeller · Jun 29, 2022, 4:56 PM

@viragomann I tried to talk to them, I tried to change the certificates, but it keeps getting the same virtual address, I don't know what to do, they told me to contact netgate, that's why I'm here

viragomann · Jun 29, 2022, 5:02 PM

@eduardoeller
No, as mentioned, the clients virtual IP is given by the server. You cannot change it. If you try to do that the server will drop the connection.

eduardoeller · Jun 29, 2022, 5:06 PM

@viragomann Is there any rule, certificate, anything I can do to make pfsense work with the duplicate ip?

viragomann · Jun 29, 2022, 5:26 PM

@eduardoeller
No, the real problem isn't the duplicated clients IPs, but the duplicated virtual server IPs, which pfSense needs as gateway for routing the traffic.

Since the clients IPs are duplicated, the servers will have equal configurations and hence provide the same gateway IPs to multiple clients. Consequently pfSense will not be able to route the traffic to the different VPN servers as they are using the same virtual IP.

NogBadTheBad · Jun 29, 2022, 6:19 PM

@viragomann said in Problem with Virtual Address:

@eduardoeller
No, as mentioned, the clients virtual IP is given by the server. You cannot change it. If you try to do that the server will drop the connection.

Since the clients IPs are duplicated, the servers will have equal configurations and hence provide the same gateway IPs to multiple clients. Consequently pfSense will not be able to route the traffic to the different VPN servers as they are using the same virtual IP.

^^ This it's the same with NordVPN, they have the same configs on their VPN servers that hand out the same address range to the clients, they don't account for multi VPN connections.

I'm at a loss why Surfshark said talk to Netgate ...

johnpoz · Jun 29, 2022, 6:54 PM

@nogbadthebad said in Problem with Virtual Address:

I'm at a loss why Surfshark said talk to Netgate ...

Because as most services - pass the buck..

viragomann · Jun 29, 2022, 6:55 PM

@nogbadthebad said in Problem with Virtual Address:

I'm at a loss why Surfshark said talk to Netgate ...

Because that’s an easy way for the first level support to get rid of an onerous customer.