
I have multiple OpenVPN client connections set up on my pfSense router. Traffic on one of my subnets is configured to use the AirVPN interfaces for outgoing traffic. The DHCP server on the subnet gives out 10.4.0.1 as the DNS server and firewall rules are in place so no other DNS server can be queried on the subnet.

 

On each of the client connections I have the Don't pull routes/Don't add/remove routes options enabled. In the past, connections would pass the 10.4.0.0/16 subnet and 10.4.x.1 gateway to my routing table but wouldn't assign a default route or add other routing options.

 

More recently my client connections would assign a route in the 10.x.x.0/24 range with a gateway at 10.x.x.1. And since I have the above options enabled I have no route to the 10.4.0.1 DNS server.

 

Is there a way I can have the client connection add a route to 10.4.0.0/16 while avoiding having the connection assigned as the default route? Or should I use the default gateway addresses as the DNS servers instead?


Hello!

 

This happens with all "Generation 2" servers (see also https://airvpn.org/plans and https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features ).

 

10.4.0.1 remains reachable from any other subnet (but not ping-able); however, picking the VPN default gateway IP address as the DNS server address is a superior choice because it prevents any possible DNS hijacking through a route injection attack (the attacker anyway needs to control the immediate upstream router, so in your case this risk is minimal or zero).

 

Kind regards


picking the VPN default gateway IP address as the DNS server address is a superior choice 

 

I have five concurrent connections to specific servers close to my geographic location.

 

If one assigns the 10.x.x.1 as the default gateway and 10.x.x.0/24 as the subnet will this persist on reconnects? Are the subnets static on a specific server or are client connections dynamically assigned to a random subnet?


Hello!

 

Subnets are static and unique for each OpenVPN daemon of each server, so you will never have overlapping subnets (useful for multihoming). However, you can't know in advance which daemon your OpenVPN client will connect to due to our load balancing system.

 

We are not sure, but just in case you need to determine the VPN default gateway IPv4 address, this might help:

https://airvpn.org/topic/28793-monitor-ip/?do=findComment&comment=75755

 

Kind regards
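
Since the daemon, and with it the 10.x.x.0/24 subnet, is only known once a connection is up, the gateway address has to be read per connection. The following is an added example, not code from this thread or from AirVPN: it extracts the gateway from the PUSH_REPLY line that the OpenVPN client logs and checks it against the tunnel address. The sample log line and all addresses in it are constructed, and it assumes the server pushes `route-gateway` and `ifconfig <address> <netmask>`.

```shell
#!/bin/sh
# Constructed sample of an OpenVPN client log line (all addresses are made up).
SAMPLE_LOG="openvpn[4242]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.17.42.1,route-gateway 10.17.42.1,topology subnet,ping 10,ifconfig-ipv6 fd00::1017/64 fd00::1,ifconfig 10.17.42.23 255.255.255.0,peer-id 3'"

# Print the value of one pushed option from a log line.
# $1 = log line, $2 = option name (e.g. "route-gateway")
pushed_opt() {
    printf '%s\n' "$1" | sed -n "s/.*PUSH_REPLY,\(.*\)'.*/\1/p" |
        tr ',' '\n' | sed -n "s/^$2 //p" | head -n 1
}

# Validate a dotted quad and print it as a 32-bit integer; fail otherwise.
ip2int() {
    printf '%s' "$1" |
        grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the VPN gateway to use as the DNS server, or fail if the pushed
# values are missing or inconsistent. $1 = log line
vpn_dns_from_log() {
    gw=$(pushed_opt "$1" route-gateway)
    read -r addr mask <<EOF
$(pushed_opt "$1" ifconfig)
EOF
    g=$(ip2int "$gw") || return 1
    a=$(ip2int "$addr") || return 1
    m=$(ip2int "$mask") || return 1
    # The gateway must sit in the same subnet as our tunnel address...
    [ $(( g & m )) -eq $(( a & m )) ] || return 1
    # ...and inside 10.0.0.0/8, the range described in this thread.
    [ $(( g >> 24 )) -eq 10 ] || return 1
    echo "$gw"
}

vpn_dns_from_log "$SAMPLE_LOG"
```

A non-zero exit status means the line carried no usable gateway, so a caller should keep its previous DNS setting and not apply an empty or mismatched address.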
