"
Hello,
I have a rather strange problem, but I'll start from the beginning.
I have OPNsense 24.7 running in a VirtualBox, which receives the WAN from the local network and has several VLANs. Everything works fine so far. Then I purchased a NordVPN subscription and added some OpenVPN clients following the instructions on their website.
Here are the steps I followed:
Created an OpenVPN client (with the option "Don't add/remove routes" checked).
Went to Interfaces → Assign ovpnc1, ovpnc2... (and enabled them).
The interfaces were automatically created, as seen in the screenshot [opnsense1.png]. All tunnels were assigned the same gateway address 10.100.0.1, which is provided by NordVPN and cannot be set manually. (This issue is known to NordVPN, and many users have expressed frustration over it.)
Adjusted firewall rules accordingly, set gateways for individual clients, handled outbound rules, etc. The exact rules are not really relevant to the problem.
Good news: it works. Despite having the same IP for multiple gateways [opnsense1.png], everything functions. I have no idea why it works, but it does. Based on my technical understanding, it shouldn't work, but here we are.
Now for the bad news: I want to switch to WireGuard and managed to retrieve the credentials for WireGuard from NordVPN using a trick, as it is not officially supported yet (with this script: https://github.com/sfiorini/NordVPN-Wireguard). I followed the same procedure: I created a WireGuard instance, entered all the credentials, and the gateway IP for WireGuard (which is also provided by NordVPN) is 10.5.0.1 (screenshot opnsense1.png). I set up all the firewall rules, and my (wireguard) gateway to Japan is up. It works fine.
BUT: Unlike OpenVPN, I have to create the gateway manually for WireGuard. For the first WireGuard tunnel, this is not an issue, and it runs as mentioned. However, if I try to create a second connection via WireGuard, the problem starts when creating the gateway: "This Gateway IP address already exists..." Screenshot opnsense2.png.
There's no way to have two WireGuard connections running simultaneously via OPNsense (at least not with NordVPN).
Summary:
NordVPN assigns the same tunnel IP for all connections (10.100.0.1 for OpenVPN, 10.5.0.1 for WireGuard).
Tunnel IPs should ideally be different because otherwise, the configuration seems problematic (or is it?).
With OpenVPN, gateways are created automatically, and the issue with duplicate gateway IPs is ignored.
With WireGuard, I have to create the gateways manually, and I get an error message for duplicate tunnel IPs.
Could someone explain why automatically created gateways can have the same IP multiple times, but I can't do the same with manually created gateways? I'm really at a loss here. :/
Thank you very much in advance.
Best regards,
And if anything is unclear, please let me know.
btw if I edit one of the automatically created gateways, the IP field (containing an IP which is used multiple times) stays blank.
I have a rather strange problem, but I'll start from the beginning.
I have OPNsense 24.7 running in a VirtualBox, which receives the WAN from the local network and has several VLANs. Everything works fine so far. Then I purchased a NordVPN subscription and added some OpenVPN clients following the instructions on their website.
Here are the steps I followed:
Created an OpenVPN client (with the option "Don't add/remove routes" checked).
Went to Interfaces → Assign ovpnc1, ovpnc2... (and enabled them).
The interfaces were automatically created, as seen in the screenshot [opnsense1.png]. All tunnels were assigned the same gateway address 10.100.0.1, which is provided by NordVPN and cannot be set manually. (This issue is known to NordVPN, and many users have expressed frustration over it.)
Adjusted firewall rules accordingly, set gateways for individual clients, handled outbound rules, etc. The exact rules are not really relevant to the problem.
Good news: it works. Despite having the same IP for multiple gateways [opnsense1.png], everything functions. I have no idea why it works, but it does. Based on my technical understanding, it shouldn't work, but here we are.
Now for the bad news: I want to switch to WireGuard and managed to retrieve the credentials for WireGuard from NordVPN using a trick, as it is not officially supported yet (with this script: https://github.com/sfiorini/NordVPN-Wireguard). I followed the same procedure: I created a WireGuard instance, entered all the credentials, and the gateway IP for WireGuard (which is also provided by NordVPN) is 10.5.0.1 (screenshot opnsense1.png). I set up all the firewall rules, and my (wireguard) gateway to Japan is up. It works fine.
BUT: Unlike OpenVPN, I have to create the gateway manually for WireGuard. For the first WireGuard tunnel, this is not an issue, and it runs as mentioned. However, if I try to create a second connection via WireGuard, the problem starts when creating the gateway: "This Gateway IP address already exists..." Screenshot opnsense2.png.
There's no way to have two WireGuard connections running simultaneously via OPNsense (at least not with NordVPN).
Summary:
NordVPN assigns the same tunnel IP for all connections (10.100.0.1 for OpenVPN, 10.5.0.1 for WireGuard).
Tunnel IPs should ideally be different because otherwise, the configuration seems problematic (or is it?).
With OpenVPN, gateways are created automatically, and the issue with duplicate gateway IPs is ignored.
With WireGuard, I have to create the gateways manually, and I get an error message for duplicate tunnel IPs.
Could someone explain why automatically created gateways can have the same IP multiple times, but I can't do the same with manually created gateways? I'm really at a loss here. :/
Thank you very much in advance.
Best regards,
And if anything is unclear, please let me know.
btw if I edit one of the automatically created gateways, the IP field (containing an IP which is used multiple times) stays blank.
