Jump to content
Not connected, Your IP: 216.73.216.120
AirVPN
Ph0enix

Monitor IPs for OpnSense

By Ph0enix, ... in Troubleshooting and Problems

Recommended Posts

Ph0enix    0

Ph0enix
Posted ...

I configured a few instances on my OpnSense router that connect to AirVPN. Afterwards I configured them as gateways. As part of the process one is advised to specify a monitor IP that the system pings to determine if the corresponding gateway is up and what the latency is. For the first one I use the IPs of AirVPN DNS server. Are there any other IP addresses that could be used as monitor IPs?

Currently I picked some random IP addresses from the corresponding countries. I suppose that's not the best solution, it's not nice for IP owners to be constantly pinged and then there is no guarantee that the IPs stay up or not gonna block me.

I'd like to avoid using something like 8.8.8.8 or 1.1.1.1, etc as I need these DNS servers to be routable from other subnets without locking them to just one. But if there are some other IPs on the Internet are there to be used as monitor IPs please share what they are.

Share this post

Link to post

Staff    10384

Staff
Posted ...
3 hours ago, Ph0enix said:

Afterwards I configured them as gateways. As part of the process one is advised to specify a monitor IP that the system pings to determine if the corresponding gateway is up and what the latency is. For the first one I use the IPs of AirVPN DNS server.


Hello!

With WireGuard it's a very good choice as the DNS server IP address (10.128.0.1) is also the VPN gateway address, on every and each server since the WireGuard network is one.

With OpenVPN, you have different subnet on every server though and you can't rely on a fixed address. 10.4.0.1 is available on every server for DNS queries but does not respond to ping. You could consider to extract the gateway from the tun interface settings at each connection and ping that gateway.

Kind regards
 

Share this post

Link to post

go558a83nk    380

go558a83nk
Posted ...

Are you sure you don't have an option somewhere in the gateway settings to prevent opnsense making static routes for monitor IP?  I have that in pfsense.

I usually trace the route through the VPN interface to anything (e.g. 9.9.9.9) and then use the first or second hop as the monitor address for that gateway.

In past experience I've had times where gateway monitoring said everything was fine but reaching the internet wasn't happening.  That's why I've taken to pinging something on the other side of the VPN gateway.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...