OpenVPN Clients are duplicated



  • Hi All,

    I know that the title of the topic can be confusing but I didn't find something better.

    I am running 4 VPN clients on pfSense toward the same VPN provider but using different VPN servers. All of the clients are also configured on pfSense with an interface so that I can create 4 gateways to use in security rules.
    3 of the clients are configured to be in 3 different Gateway Groups, in each of which I have linked 2 OpenVPN instances/clients. In each group the Tier 1 server rotates day by day. To better explain… let's say I have 3 clients using A, B and C as VPN servers. I then have 3 Gateway Groups where A is the primary gateway in group 1 while C is the secondary, B is the primary gateway in group 2 while A is the secondary, and the same for the 3rd group. The Gateway Groups in use rotate daily with time-scheduled firewall rules.

    My VPN provider only allows 5 clients to be connected at the same time, and from time to time I get a message from them saying that a 6th client is connecting, causing the disconnection of 1 of my clients on pfSense.
    After some investigation I am 110% sure that the only configured clients are the 4 in pfSense, but there should be something that most probably starts more than 1 VPN client instance.

    Question: is there a way from the command line to check how many clients are running at a certain time? I am asking because in the Web GUI I always see only 4 clients, but there is definitely something duplicating a couple of them and causing the provider to observe the 6th client connecting.

    Thanks!


  • Rebel Alliance Developer Netgate

    If your client gets disconnected and then reconnects quickly (< 60 sec), that would look like an additional connection from the provider's perspective since it would not have timed out yet.

    pfSense can't run more than one instance of a specific client at a time (even if you wanted to), so if you only have four configured in pfSense then it can only be running four.

    So either the provider is seeing a disconnected "ghost" session hanging around, or there is another client somewhere off pfSense connecting (local PC, perhaps? local lab setup?)

