Dynamic IP collision



  • Hi,

    I have set up a VPN Client with pfSense 2.1.5 to VPNBook. It works so far. My LAN has the IPv4 network 10.10.0.0/24. After connection I see

    • Interface "VPN" IP (Virtual Address): 10.10.0.118: Dynamically in my IP Range

    • Gateway "VPN_GW" IP: 10.10.0.117: One lower

    The problem is that this IP changes on every DSL reconnect (daily), seems to be random, and sometimes collides with internally used IPs, like the 10.10.0.9 I had yesterday.

    Is it intended that the IPs have to be in my local network?
    Should I use another network (e.g. 10.10.8.0/24)? Unfortunately the setting "IPv4 Tunnel Network" is ignored. My other options are:

    verb 5;auth-user-pass /etc/vpnbook.pass;persist-key;persist-tun;pull;route-nopull

    Any idea?

    Regards



  • If your ISP is fond of using those 10.whatever IPs, don't use them in your LAN and VPN.



  • This is not my primary ISP, it is "only" an OpenVPN tunnel endpoint. I don't think it has to do with the actual network number; it looks like OpenVPN assigns itself an IP in my local network, except that it does so randomly, ignoring e.g. DHCP leases.



  • You should be assigning it a tunnel that is completely unused in your network.

    Example….  In the openvpn tunnel settings:

    If your LAN is on 10.5.34.0/24

    Put your openvpn tunnel setting as 10.5.35.0/24

    This way there is no possibility of a problem on your end at least.

    If you have a few clients that are using an ISP that is assigning inconvenient IPs for you in the 10.5.35.0/24 range, then set up a second OpenVPN instance on your pfSense just for them on a different port.

    Make that one tunnel on 172.16.59.0/24 or 192.127.93.0/24 or something.

    172.16.0.0/12 IP addresses: 172.16.0.0 - 172.31.255.255
    192.168.0.0/16 IP addresses: 192.168.0.0 - 192.168.255.255

    I have one VPN from openvpnas that has for years been using the 5.5.x.x IP space with no problems but that's not technically good to do.



  • That is what I tried. I configured

    IPv4 Tunnel Network: 10.10.9.0/24

    The generated /var/etc/openvpn/client1.conf is

    dev ovpnc1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local X.X.X.X
    engine cryptodev
    tls-client
    client
    lport 50111
    management /var/etc/openvpn/client1.sock unix
    remote us1.vpnbook.com 25000
    ifconfig 10.10.9.2 10.10.9.1
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    comp-lzo
    resolv-retry infinite
    verb 5
    auth-user-pass /etc/vpnbook.pass
    persist-key
    persist-tun
    pull
    route-nopull

    But the interface looks like this:

    ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::290:7fff:fe3e:31a1%ovpnc1 prefixlen 64 scopeid 0xc
        inet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        Opened by PID 67700

    Either this is a bug, or I don't know how to configure it correctly.
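
An added example, not part of any post in this thread and not pfSense or OpenVPN code: a Python check that compares the static `ifconfig` in the generated client config with the address actually on `ovpnc1`, and flags tunnel endpoints that fall inside the LAN. The inputs are constructed from the values quoted above; attributing the mismatch to options pushed by the server is an assumption based on `pull` being active (`route-nopull` declines pushed routes, not a pushed tunnel address).

```python
import ipaddress
import re

# Constructed inputs, reduced to the lines quoted in the thread.
LAN = "10.10.0.0/24"
CLIENT_CONF = """client
ifconfig 10.10.9.2 10.10.9.1
pull
route-nopull
"""
IFCONFIG_OUT = """ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.10.0.118 --> 10.10.0.117 netmask 0xffffffff
"""

def directives(conf):
    """Split a config into token lists, dropping comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in conf.splitlines())
    return [row for row in rows if row]

def configured_endpoints(conf):
    """(local, peer) from a static 'ifconfig' directive, or None."""
    for row in directives(conf):
        if row[0] == "ifconfig" and len(row) == 3:
            return tuple(ipaddress.ip_address(a) for a in row[1:])
    return None

def accepts_push(conf):
    """'client' expands to 'pull' + 'tls-client'; either accepts pushed options."""
    return any(row[0] in ("client", "pull") for row in directives(conf))

def live_endpoints(ifconfig_out):
    """(local, peer) from the point-to-point 'inet' line of ifconfig output."""
    m = re.search(r"inet (\S+) -+> (\S+)", ifconfig_out)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None

def check(lan, conf, ifconfig_out):
    """Report a config/interface mismatch and tunnel addresses inside the LAN."""
    net = ipaddress.ip_network(lan)
    want, live = configured_endpoints(conf), live_endpoints(ifconfig_out)
    findings = []
    if want and live and want != live:
        # Assumption: with pull active, the differing address was pushed by the server.
        why = "pushed options accepted" if accepts_push(conf) else "cause unknown"
        findings.append(f"configured {want[0]}, interface has {live[0]} ({why})")
    findings += [f"{a} is inside LAN {net}" for a in (live or ()) if a in net]
    return findings

if __name__ == "__main__":
    print("\n".join(check(LAN, CLIENT_CONF, IFCONFIG_OUT)))
```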



  • Probably need a screen shot of your entire openvpn config and also info about the client.  What OS is the client?



  • pfSense is the client, VPNBook is the tunnel ISP.



  • I think I'm not going to be a lot of help for you.



  • Thanks anyway!

