Page 1 of 1

vpn_gateway Routing on Multiple Connections

Posted: Sat Oct 13, 2018 6:46 am
by dkirk_reviewtracker
Hello!

I'm trying to set up connections to allow my developers to route traffic through two separate VPN servers. One of these servers has all of their addresses in the 10.0.0.0/24 CIDR block, and the other in the 11.0.0.0/24 block. Whenever I connect through either of them, it works just fine, but when I connect through both, I am unable to send traffic through the second connection.

Here are the relevant configuration settings for the two connections:
Connection 1 General:
Protocol: TCP
Device: tun

Connection 1 Networking:
Routing: IPv4 | Route: 10.0.0.0 | Mask/Bits: 255.255.0.0 | Gateway: vpn_gateway | Metric: Default
DNS Mode: Split
Servers: 10.0.0.8
Domains: rtx


Connection 2 General:
Protocol: TCP
Device: tun

Connection 2 Networking:
Routing: IPv4 | Route: 11.0.0.0 | Mask/Bits: 255.255.0.0 | Gateway: vpn_gateway | Metric: Default
DNS Mode: Split
Servers: 11.0.0.8
Domains: jnk

Additionally, here's the output of ifconfig that's generated by Viscosity:

utun10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
utun11: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff


I imagine that the issue is related to the inet being the same for both of these connections, but I'm not certain, nor am I sure what to do to resolve this. I'll continue poking at it & try to find a solution, but if anyone has any suggestions, it would be extremely appreciated!

Re: vpn_gateway Routing on Multiple Connections

Posted: Mon Oct 15, 2018 12:52 am
by James
Hi dkirk_reviewtracker,

Both VPN connections are on the same IP range (in fact, they're both being assigned the same IP address), which will be causing a routing conflict. You'll need to change one of the VPN servers to use a different IP range for VPN clients.

Code: Select all

inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff

Code: Select all

inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff


Cheers,
James

Re: vpn_gateway Routing on Multiple Connections

Posted: Tue Oct 16, 2018 8:18 am
by dkirk_reviewtracker
Thanks for the help! I was able to change the server to use a different range of IP addresses. It connects, and I'm able to connect with the second connection & access those services, but I'm unable to access any services in the LAN of the VPN that has the different range.

Eg: Changed openvpn.conf on the server from

Code: Select all

server 192.168.255.0 255.255.255.0
to

Code: Select all

server 192.168.254.0 255.255.255.0
and now I cannot access any services behind the OpenVPN server

If you have any suggestions, they would be greatly appreciated!

EDIT 1:
here's the new ifconfig:

Code: Select all

utun10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
   options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
   inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
utun11: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
   options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
   inet 192.168.254.6 --> 192.168.254.5 netmask 0xffffffff


EDIT 2:
I can ping the VPN server at 192.168.255.1 & 192.168.254.1, so I think the issue is on the server's side as opposed to the local side.

Re: vpn_gateway Routing on Multiple Connections

Posted: Tue Oct 16, 2018 6:25 pm
by James
You'll most likely also need to adjust your firewall/NAT rules on the server to take into account the different IP range.

Cheers,
James