OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: crt333 on November 28, 2018, 02:14:57 pm
-
I learned something from reading bits and pieces in the forum that fixed my problem, and since I thought it wasn't that uncommon a situation, I'd summarize in case it is useful to someone else. Perhaps this is documented somewhere; if so, I missed it...
I make several VPN connections to different geographic locations, which I think others do as well (most VPN vendors allow this). Then I route different devices to different locations. This was generally working, but often it would suddenly stop and I'd have to restart the VPN connections. I was connecting all of them using UDP and port 995, and my VPN vendor has a single certificate for all locations. What would happen was that all VPN connections would get a virtual address of the form 10.X.0.Y, where X was constant, and the different connections would get different Y's. Every now and then different connections would get the same Y, which is when things would stop working.
What I learned is that depending on the protocol (UDP/TCP) and port number that is configured, the value of X changes, so conflicts in random Y values can be avoided. For example, TCP/443 (X=8), UDP/1912 (X=35), UDP/1195 (X=33), UDP/995 (X=24), etc. I also read that different certificates might affect X, but as I only have one certificate I don't know if that is true.
So, for anyone who makes multiple VPN client connections to different geographic locations (using the same vendor account), make sure they use different protocols and/or ports, and everything will work fine. Actually, this would probably also work for multiple connections to the same location to get redundancy/speed.
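
A check for the condition described in the post, as an added example that is not part of the original post: it parses `ifconfig` output, collects the tunnel address of each OpenVPN client interface, and reports interfaces that hold the same address or share a 10.X pool. The `ovpnc` interface prefix and the sample output are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of FreeBSD `ifconfig` output (not captured from a real system).
SAMPLE_IFCONFIG = """\
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.24.0.6 --> 10.24.0.5 netmask 0xffffffff
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.24.0.6 --> 10.24.0.5 netmask 0xffffffff
ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.0.14 --> 10.8.0.13 netmask 0xffffffff
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.0.22 --> 10.8.0.21 netmask 0xffffffff
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
"""

IFACE_RE = re.compile(r"^(\S+?):\s")                      # "ovpnc1: flags=..."
INET_RE = re.compile(r"^\s+inet\s+(\d+\.\d+\.\d+\.\d+)")  # indented "inet a.b.c.d"

def tunnel_addresses(ifconfig_text, prefix="ovpnc"):
    """Map each interface whose name starts with `prefix` to its first IPv4 address."""
    addrs, current = {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and current and current.startswith(prefix):
            addrs.setdefault(current, m.group(1))
    return addrs

def find_conflicts(addrs):
    """Return (duplicates, shared_pools): same address, and same 10.X pool."""
    by_addr, by_pool = defaultdict(list), defaultdict(list)
    for iface, ip in sorted(addrs.items()):
        by_addr[ip].append(iface)
        by_pool[".".join(ip.split(".")[:2])].append(iface)  # key is "10.X"
    duplicates = {ip: i for ip, i in by_addr.items() if len(i) > 1}
    shared_pools = {p: i for p, i in by_pool.items() if len(i) > 1}
    return duplicates, shared_pools

if __name__ == "__main__":
    dup, shared = find_conflicts(tunnel_addresses(SAMPLE_IFCONFIG))
    for ip, ifaces in dup.items():
        print(f"CONFLICT: {ip} assigned to {', '.join(ifaces)}")
    for pool, ifaces in shared.items():
        print(f"AT RISK: {', '.join(ifaces)} share pool {pool}.0.0; use a different protocol/port")
```

A shared pool without a duplicate address is the state just before the failure described above, so it is worth flagging on its own.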