• Hi,

    I have set up a VPN Client with pfSense 2.1.5 to VPNBook. It works so far. My LAN has the IPv4 network After connection I see

    • Interface "VPN" IP (Virtual Address): Dynamically in my IP Range

    • Gateway "VPN_GW" IP: One lower

    The problem is that this IP is changing on every DSL reconnect (daily), seems to be random, and sometimes collides with internally used IPs, like I had yesterday.

    Is it intended that the IPs have to be in my local network?
    Should I use another network (e.g. Unfortunately the setting "IPv4 Tunnel Network" is ignored. My other options are:

    verb 5;auth-user-pass /etc/vpnbook.pass;persist-key;persist-tun;pull;route-nopull

    Any idea?


  • If your ISP is fond of using those 10.whatever IPs, don't use them in your LAN and VPN.

  • This is not my primary ISP, it is "only" an OpenVPN tunnel endpoint. I don't think it has to do with the actual network number, it looks like OpenVPN assigns itself an IP in my local network - except that it does so randomly, ignoring e.g. DHCP leases.

  • You should be assigning it a tunnel that is completely unused in your network.

    Example….  In the openvpn tunnel settings:

    If your LAN is on

    Put your openvpn tunnel setting as

    This way there is no possibility of a problem on your end at least.

    If you have a few clients that are using an ISP that is assigning inconvenient IPs for you in the range, then set up a second openvpn instance on your pfsense just for them on a different port.

    Make that one tunnel on or or something. IP addresses: -- IP addresses: –

    I have one VPN from openvpnas that has for years been using the 5.5.x.x IP space with no problems but that's not technically good to do.
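As an added example (not part of any post in this thread), a Python check along the lines of the advice above: it reads the `inet A --> B` line of a point-to-point interface, reports tunnel endpoints that fall inside a local network, and picks a subnet that overlaps nothing in use. The function names, the sample addresses and the LAN value are assumptions made for illustration, since the thread's own addresses are not shown.

```python
import ipaddress
import re

# Constructed sample: FreeBSD-style ifconfig output for a point-to-point tun
# interface. Addresses are invented for illustration (the thread's are elided).
SAMPLE_IFCONFIG = """\
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::1%ovpnc1 prefixlen 64 scopeid 0xc
\tinet 192.168.1.74 --> 192.168.1.73 netmask 0xffffffff
"""

# Matches only the IPv4 point-to-point line ("inet6" lacks the space after "inet").
INET_P2P = re.compile(r"^\s*inet\s+(\S+)\s+-->\s+(\S+)", re.MULTILINE)


def tunnel_endpoints(ifconfig_text):
    """Return (local, peer) addresses from the 'inet A --> B' line, or None."""
    m = INET_P2P.search(ifconfig_text)
    if not m:
        return None
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def collisions(endpoints, local_networks):
    """List (address, network) pairs where a tunnel endpoint sits inside a local network."""
    nets = [ipaddress.ip_network(n) for n in local_networks]
    return [(addr, net) for addr in endpoints for net in nets if addr in net]


def first_free_subnet(pool, prefixlen, in_use):
    """Pick the first subnet of the given size in `pool` that overlaps nothing in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return cand
    return None


if __name__ == "__main__":
    lan = ["192.168.1.0/24"]  # assumed LAN, not taken from the thread
    eps = tunnel_endpoints(SAMPLE_IFCONFIG)
    for addr, net in collisions(eps, lan):
        print(f"tunnel address {addr} is inside local network {net}")
    # Treat 10.0.0.0/24 as already taken elsewhere (assumption) and find the next free /24.
    print("unused candidate:", first_free_subnet("10.0.0.0/8", 24, lan + ["10.0.0.0/24"]))
```
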

  • That is what I tried. I configured

    IPv4 Tunnel Network:

    The generated /var/etc/openvpn/client1.conf is

    dev ovpnc1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    keepalive 10 60
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local X.X.X.X
    engine cryptodev
    lport 50111
    management /var/etc/openvpn/client1.sock unix
    remote us1.vpnbook.com 25000
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    resolv-retry infinite
    verb 5
    auth-user-pass /etc/vpnbook.pass

    But the interface looks like this:

    ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::290:7fff:fe3e:31a1%ovpnc1 prefixlen 64 scopeid 0xc
    inet --> netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 67700

    Either this is a bug, or I don't know how to configure it correctly.

  • Probably need a screen shot of your entire openvpn config and also info about the client.  What OS is the client?

  • pfSense is the client, VPNBook is the tunnel ISP.

  • I think I'm not going to be a lot of help for you.

  • Thanks anyway!