I'm setting up multiple VPN connections on OPNsense and then configuring them as gateways according to this guide (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html). There are a few issues that I'd appreciate getting some advice on:
- Gateway IPs. For each configuration that Proton generates, it gives the same local address inside the tunnel, `10.2.0.2`. This works fine when creating multiple instances. However, when I try to create multiple gateways that map to different profiles, the system predictably complains that the IP is already in use. Are there any workarounds for that issue? I could spawn a bunch of containers on a different host that would connect as clients to Proton and then expose this connection via a local server, and then point OPNsense to those local servers. But perhaps there are easier options that can be set up on OPNsense itself? I have another VPN provider that gives different local IPs for different connections, and there it works fine. So it's just Proton that has this issue (although if people know of other providers that rely on the same configuration, please share which ones so that I can avoid them).
- Monitor IPs. For a single connection I use my VPN provider's DNS IP. However, since it's routed through a single gateway, I can't reuse it for different gateways. I don't want to lock Google or Cloudflare DNS IPs for that since I may want to use them sometime. Currently I picked some random IP addresses in the countries I connect to, but it doesn't seem right to constantly ping random addresses, so if people could point me to some IPs (both IPv4 and IPv6) that are "designed" for that purpose, that would be helpful.
- Killswitch. There is a killswitch that prevents the traffic from leaking through regular WANs. Do I need to create similar rules to prevent the traffic leaking across VPN connections in case some of them go down while the others stay up?
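An added example, not part of the post or of the OPNsense documentation it links: before importing a stack of provider profiles into OPNsense, it is worth checking them offline for exactly the two clashes described above, a tunnel `Address` shared by several profiles (which blocks a second gateway on that IP) and an in-tunnel `DNS` address shared by several profiles (which can only serve as the monitor IP for one gateway). The script below parses WireGuard `.conf` files and reports both. The four profiles are constructed for the example: keys are placeholders, endpoints use RFC 5737 documentation ranges, and the `10.2.0.x` / `10.64.0.x` addressing is only meant to mimic a provider that reuses one address versus one that hands out distinct ones.

```python
"""Find tunnel-address and DNS collisions across WireGuard client profiles.

Added example; not code from the post or from OPNsense. All profile data
below is constructed (placeholder keys, RFC 5737 endpoints).
"""
import ipaddress
from collections import defaultdict

# Constructed sample profiles: two from a provider that reuses 10.2.0.2 for
# every configuration, two from a provider that assigns distinct addresses.
PROFILES = {
    "proton-ch": """
[Interface]
PrivateKey = PLACEHOLDER-PRIVATE-KEY-CH=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = PLACEHOLDER-SERVER-KEY-CH=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 198.51.100.10:51820
""",
    "proton-nl": """
[Interface]
PrivateKey = PLACEHOLDER-PRIVATE-KEY-NL=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = PLACEHOLDER-SERVER-KEY-NL=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 198.51.100.20:51820
""",
    "other-de": """
[Interface]
PrivateKey = PLACEHOLDER-PRIVATE-KEY-DE=
Address = 10.64.0.5/32, fd00:64::5/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER-SERVER-KEY-DE=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.7:51820
""",
    "other-se": """
[Interface]
PrivateKey = PLACEHOLDER-PRIVATE-KEY-SE=
Address = 10.64.0.9/32, fd00:64::9/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER-SERVER-KEY-SE=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.8:51820
""",
}


def parse_wg_conf(text):
    """Parse a WireGuard .conf into {'Interface': {...}, 'Peers': [{...}, ...]}.

    Handles '#' comments and base64 keys (which end in '=') by splitting on
    the first '=' only. Keys keep WireGuard's spelling (Address, DNS, ...).
    """
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            if section == "Interface":
                current = iface
            elif section == "Peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section [{section}]")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key] = value
    return {"Interface": iface, "Peers": peers}


def _csv_ips(value):
    """Split a comma-separated Address/DNS value into ip_interface objects."""
    return [ipaddress.ip_interface(v.strip()) for v in value.split(",") if v.strip()]


def _shared(profiles, field):
    """Map each value of `field` in [Interface] to the profiles using it, keeping
    only values that appear in more than one profile."""
    seen = defaultdict(list)
    for name, text in profiles.items():
        conf = parse_wg_conf(text)
        for addr in _csv_ips(conf["Interface"].get(field, "")):
            seen[str(addr.ip)].append(name)
    return {ip: names for ip, names in seen.items() if len(names) > 1}


def find_address_collisions(profiles):
    """Tunnel addresses reused across profiles: these cannot each become a
    separate OPNsense gateway as-is, since the gateway IP must be unique."""
    return _shared(profiles, "Address")


def find_shared_dns(profiles):
    """In-tunnel DNS addresses reused across profiles: usable as a monitor IP
    for at most one of the gateways, since a monitor IP pins a route."""
    return _shared(profiles, "DNS")


if __name__ == "__main__":
    for label, result in (("Address", find_address_collisions(PROFILES)),
                          ("DNS", find_shared_dns(PROFILES))):
        for ip, names in result.items():
            print(f"{label} {ip} shared by: {', '.join(names)}")
```

Run it against the real `.conf` files by loading them into the `PROFILES` dict (name to file contents) instead of the constructed strings; any profile listed under an `Address` collision is one that will trip the "IP already in use" error when added as a second gateway, and any profile listed under a shared `DNS` entry needs a different monitor IP for all but one gateway.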