2 OpenVPN clients and selective routing issues

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Intrepid2007

Regular Contributor
Hello,

On my AX88U (384.18A firmware) I want to configure 2 OpenVPN clients with selective routing enabled:

Surfshark Denmark:
traffic from clients with IP addresses in the 172.16.1.0/24 range is routed to this VPN server

Surfshark USA:
traffic from clients with IP addresses in the 172.16.2.0/24 range is routed to this VPN server

This works well if I use other VPN providers, but in the scenario above with Surfshark it doesn't seem to work well.

Traffic from my cellphone with IP address 172.16.2.10 is routed to Surfshark Denmark and that should not happen.

I am not an expert at all in this, but when I look at the local IP addresses assigned to the VPN clients, it appears that they (maybe) are in the same subnet??? 10.8.8.80 and 10.8.8.4... Maybe this is causing a problem?

Surfshark Denmark:
upload_2020-6-1_1-56-6.png


Surfshark USA:
upload_2020-6-1_1-56-31.png



Does anyone have an idea how to fix this??

Thanks
 

RMerlin

Asuswrt-Merlin dev
I am not an expert at all in this, but when I look at the local IP addresses assigned to the VPN clients, it appears that they (maybe) are in the same subnet??? 10.8.8.80 and 10.8.8.4... Maybe this is causing a problem?

This will indeed create a problem. You cannot have two separate networks with the same subnet, only the first route will be used.

There is nothing you can do about it, just don't connect both at the same time.
 

raven-au

Senior Member
I am not an expert at all in this, but when I look at the local IP addresses assigned to the VPN clients, it appears that they (maybe) are in the same subnet??? 10.8.8.80 and 10.8.8.4... Maybe this is causing a problem?

This seems odd to me.

I haven't seen this sort of conflict with Surfshark, not that I've used multiple SS vpn clients on the same device, but I have paid attention to addresses used and they have seemed ok to me but I could be wrong of course.

Perhaps you've used the wrong config in one of the clients, or perhaps you could use a different US server location, not sure if there are multiple Denmark servers but if there are try a different one.

Ian
 

Intrepid2007

Regular Contributor
This will indeed create a problem. You cannot have two separate networks with the same subnet, only the first route will be used.

There is nothing you can do about it, just don't connect both at the same time.

Thank you for the reply, my suspicions are correct then.

Up until last week I used ExpressVPN for 15 months and that worked fine. I had a simular setup with this provider... The difference though was that the local IP addresses of both VPN clients never were in the same /24 range. I guess it's because of that it always worked fine.
 

Intrepid2007

Regular Contributor
This seems odd to me.

I haven't seen this sort of conflict with Surfshark, not that I've used multiple SS vpn clients on the same device, but I have paid attention to addresses used and they have seemed ok to me but I could be wrong of course.

Perhaps you've used the wrong config in one of the clients, or perhaps you could use a different US server location, not sure if there are multiple Denmark servers but if there are try a different one.

Ian


I tried different Surfshark servers (Netherlands/Belgium in Europe and in the US I tried NY/Boston) and I always encountered the same problem. I noticed the same 'issue' regarding the local VPN IP address.. Maybe I should try them all to see if there are VPN servers using different IP addresses outside the same 10.8.8.0/24 range. But I am afraid they all are the same.
 

Intrepid2007

Regular Contributor
Well, I found a work-around for my problem...

Surfshark also supports OpenVPN/TCP and when I configure one VPN client in TCP/IP mode, it is assigned a IP address in another range (10.7.7.0/24). Now it works.. It's not ideal (slower) but it's still fast enough to stream video.
 

raven-au

Senior Member
Surfshark also supports OpenVPN/TCP and when I configure one VPN client in TCP/IP mode, it is assigned a IP address in another range (10.7.7.0/24). Now it works.. It's not ideal (slower) but it's still fast enough to stream video.

I've seen people say similar things on the forum.
I'll keep an eye out next time I try and use SS, I was so sure different servers were using different ranges and I was paying attention to that.
That is something I will need to watch out for (glad you asked about it and reported findings, thanks) since I will most likely want to use more than one client in the long term.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top