vpn_gateway Routing on Multiple Connections

Got a problem with Viscosity or need help? Ask here!

dkirk_reviewtracker

Posts: 2
Joined: Sat Oct 13, 2018 6:01 am

Post by dkirk_reviewtracker » Sat Oct 13, 2018 6:46 am
Hello!

I'm trying to set up connections to allow my developers to route traffic through two separate VPN servers. One of these servers has all of their addresses in the 10.0.0.0/24 CIDR block, and the other in the 11.0.0.0/24 block. Whenever I connect through either of them, it works just fine, but when I connect through both, I am unable to send traffic through the second connection.

Here are the relevant configuration settings for the two connections:
Connection 1 General:
Protocol: TCP
Device: tun

Connection 1 Networking:
Routing: IPv4 | Route: 10.0.0.0 | Mask/Bits: 255.255.0.0 | Gateway: vpn_gateway | Metric: Default
DNS Mode: Split
Servers: 10.0.0.8
Domains: rtx


Connection 2 General:
Protocol: TCP
Device: tun

Connection 2 Networking:
Routing: IPv4 | Route: 11.0.0.0 | Mask/Bits: 255.255.0.0 | Gateway: vpn_gateway | Metric: Default
DNS Mode: Split
Servers: 11.0.0.8
Domains: jnk

Additionally, here's the output of ifconfig that's generated by Viscosity:

utun10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
utun11: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff


I imagine that the issue is related to the inet being the same for both of these connections, but I'm not certain, nor am I sure what to do to resolve this. I'll continue poking at it & try to find a solution, but if anyone has any suggestions, it would be extremely appreciated!

James

User avatar
Posts: 1879
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Oct 15, 2018 12:52 am
Hi dkirk_reviewtracker,

Both VPN connections are on the same IP range (in fact, they're both being assigned the same IP address), which will be causing a routing conflict. You'll need to change one of the VPN servers to use a different IP range for VPN clients.
Code: Select all
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
Code: Select all
inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

dkirk_reviewtracker

Posts: 2
Joined: Sat Oct 13, 2018 6:01 am

Post by dkirk_reviewtracker » Tue Oct 16, 2018 8:18 am
Thanks for the help! I was able to change the server to use a different range of IP addresses. It connects, and I'm able to connect with the second connection & access those services, but I'm unable to access any services in the LAN of the VPN that has the different range.

Eg: Changed openvpn.conf on the server from
Code: Select all
server 192.168.255.0 255.255.255.0
to
Code: Select all
server 192.168.254.0 255.255.255.0
and now I cannot access any services behind the OpenVPN server

If you have any suggestions, they would be greatly appreciated!

EDIT 1:
here's the new ifconfig:
Code: Select all
utun10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
   options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
   inet 192.168.255.6 --> 192.168.255.5 netmask 0xffffffff
utun11: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
   options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
   inet 192.168.254.6 --> 192.168.254.5 netmask 0xffffffff
EDIT 2:
I can ping the VPN server at 192.168.255.1 & 192.168.254.1, so I think the issue is on the server's side as opposed to the local side.

James

User avatar
Posts: 1879
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Oct 16, 2018 6:25 pm
You'll most likely also need to adjust your firewall/NAT rules on the server to take into account the different IP range.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
4 posts Page 1 of 1