Netgate SG-1000 microFirewall

Author Topic: OpenVPN Having Trouble with VPN Gateway (Revised)  (Read 421 times)

0 Members and 1 Guest are viewing this topic.

Online viragomann

  • Hero Member
  • *****
  • Posts: 2499
  • Karma: +264/-1
    • View Profile
Re: OpenVPN Having Trouble with VPN Gateway (Revised)
« Reply #15 on: October 20, 2017, 03:46:28 pm »
What was confusing me was these setup instructions https://www.privateinternetaccess.com/pages/client-support/pfsense, and that the Topologiy setting shows 'Subnet - One IP address per client in a common sub-net' in the provided example.  What's the difference between this setting and 'net30 -Isolated /30 network per client'?  The topology you described looks more like the /30 than One IP address per client to me.
A /30 subnet results in one IP per client. See her how I've explained the addresses of such a subnet. There is place for one client only.
The server provides a /30 subnet for each client, already mentioned that.

When I change the setting to 'net30 -Isolated /30 network per client', the log looks like this. 
The setting will be ignored, since it is given by the server. Already mentioned that here: https://forum.pfsense.org/index.php?topic=138316.msg756795#msg756795

Oct 20 15:39:56    openvpn    53417    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.8.10.1,topology net30,ifconfig 10.8.10.10 10.8.10.9,auth-token /9q33gukKF57s9njKLNkDUHrt6LMQ+vRHjYh2Wr++MQ='

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9088
  • Karma: +1037/-306
    • View Profile
Re: Has Anyone Got Gateway Pinger working with Private Internet Access?
« Reply #16 on: October 20, 2017, 04:25:26 pm »
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses

Set something else as the monitor IP address.

And we don't need multiple threads about the same thing, please.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline guardian

  • Full Member
  • ***
  • Posts: 247
  • Karma: +8/-0
    • View Profile
Re: Has Anyone Got Gateway Pinger working with Private Internet Access?
« Reply #17 on: October 20, 2017, 11:21:26 pm »
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses

Set something else as the monitor IP address.

And we don't need multiple threads about the same thing, please.
I wanted to focus the discussion on the pinger, not OpenVPN.

The place I'm trying to go with this is that based on what I'm learning in this thread it appears that the design of the pinger falls a bit short. 

There should be some way to have the option be able to automatically insert x.x.x.1 as the monitor address where x.x.x.y is the dynamic address assigned by the VPN. 

If I stick in some external address ( say 8.8.8.8 ) what is the likelihood of a false  (i.e reports up when down or down when up) status?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9088
  • Karma: +1037/-306
    • View Profile
Re: OpenVPN Having Trouble with VPN Gateway (Revised)
« Reply #18 on: October 20, 2017, 11:44:41 pm »
dpinger works fine. You are seeing an OpenVPN issue. You have to monitor something that will actually respond to pings.

The gateway address is automatically inserted. There is no mechanism to "automatically" choose something else.

You can place whatever monitor IP address in there you think is better than the gateway address.

This has nothing to do with dpinger.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM