    OpenVPN gateways will get the same IP address and interfere with each other.

    • P
      pleasewhat last edited by

      Hi,

      I use a VPN account from a provider similar to CyberGhost or HideMyAss. The provider runs different servers in different countries. Nothing special.

      Now I want to set up multiple OpenVPN clients in my pfSense (2.2.1) and create firewall rules to route different local IPs over the OpenVPN clients. This was my inspiration: http://www.retropixels.org/blog/use-pfsense-to-selectively-route-through-a-vpn

      In my example I want to set up this:
      10.0.1.96/29 -> vpn client 1
      10.0.1.112/29 -> vpn client 2
      …

      I configure the first OpenVPN client, create the interface, gateways, rules, NAT, etc. So far, so good. If I change the IP of my notebook to 10.0.1.98, all my traffic goes over the first OpenVPN client. Yeah.

      But now the problem: After this I configure the next OpenVPN client, create the interface as well, etc. If I disable the first VPN client, the second client works fine for the range 10.0.1.112/29.

      Now I have enabled the first client and see that both clients receive the same IP address and thus interfere with each other.

      Can you solve the problem so that I can run multiple OpenVPN clients from one provider?

      I attacked two screenshots. The firewall rules are reduced to the essentials. If you need other information, please ask me.

      PS: Sorry for my bad English.
      ![Rules stripped.png](/public/imported_attachments/1/Rules stripped.png)

      • K
        kejianshi last edited by

        Don't attack the screenshots…  They are innocent (-;

        Actually, you may be screwed.  How the servers assign IPs is up to them, not you.

        Also they have the same gateway address I bet, so that too may be an issue for you.

        • P
          pleasewhat last edited by

          @kejianshi:

          Don't attack the screenshots…  They are innocent (-;

          Ups ;D

          @kejianshi:

          Actually, you may be screwed.  How the servers assign IPs is up to them, not you.

          Also they have the same gateway address I bet, so that too may be an issue for you.

          Hmmm, if I understand correctly, I cannot influence the assignment. I think I will contact the provider and ask them.

          Someone told me that I could maybe solve this with "Virtual IP Addresses". But I do not know enough about it to check his tip.

          • K
            kejianshi last edited by

            I'd advise using 2 separate OpenVPN services that don't assign the same subnet ranges and don't use the same gateway IPs.

            I assume you are trying to set up some sort of gateway failover by using 2 separate VPN tunnels?

            Not a terrible idea actually.

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              You'd think they'd be smart enough not to use 10.anything.  Especially 10.0.1.x.  I mean, why?

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • K
                kejianshi last edited by

                I agree, but private ranges are limited, so you would hope that they would at least make the subnets they use random to the point that conflicts would be unlikely.

                Obviously not the case here.

                • P
                  pleasewhat last edited by

                  @kejianshi:

                  I assume you are trying to set up some sort of gateway failover by using 2 separate VPN tunnels?

                  Not really. I want a VPN solution without modifying the local network clients (install OpenVPN, update, configure, …). We live in Germany and my girlfriend wants to use Netflix US (with her desktop and/or notebook). She cannot configure OpenVPN and I think she doesn't need that ;)

                  My idea is: If she wants to watch Netflix, she must only change her IP address. That is no problem for her.

                  And I need an exit point in the Netherlands and Switzerland. I can use OpenVPN directly, but then I must protect every PC against DNS leaks and so on.

                  That is the reason why I want to manage the VPN clients at pfSense and "select the route" on the clients only with the IP address.

                  @kejianshi:

                  I'd advise using 2 separate OpenVPN services that don't assign the same subnet ranges and don't use the same gateway IPs.

                  This is possible, but then I have to pay for two accounts. And this sucks a little bit.
