pfSense with 5 Failover NordVPN Client setting with conflict gateway IPs

Hello, I am new to pfSense.

Initially I set up a single NordVPN client and it works perfectly.

Then I set up 3 NordVPN clients (3 different countries), which works OK, but sometimes the OpenVPN gateways may have the same subnet ( for client #2 and for client #3). If this happens it will show connected but no traffic; then I either keep on pressing the cycle button until it changes to a different IP such as or… Or it may take a while for NordVPN or pfSense to re-issue a new gateway IP. Once the clients have different gateway IPs, then all can work as Failover & Balancing (depending on the Gateway Group setting).

I tried to set up 4 & 5 NordVPN clients. It shows 5 connections, but no traffic for 2 connections; I can only pass traffic with max. 3 connections, because the others are either pending a gateway IP or have a conflicting OpenVPN gateway IP. Even if I press and press the recycle button for each pending or conflicting gateway IP, still no new IP. :slight_smile:

My questions are:

  1. Is there any setting that can set those gateway IPs to static?
  2. Does pfSense assign those IPs?
  3. Does NordVPN assign those IPs?

I use AirVPN; as far as I can see the gateway is assigned by the VPN provider. Not that I have really noticed, but the addresses stay the same.

Doesn’t sound like you have done anything wrong in pfSense.

More likely you have made an error in producing the certs from Nord.

The gateway is provided by the VPN provider; that is my thought too.

Regarding the certs from NordVPN, I checked a couple of downloaded ovpn files; the CA and TLS-auth in each ovpn file are identical. I will double check them again.

Any other thoughts?

Try with different servers in different actual locations.

Server #1 is in Canada
Server #2 is in Hong Kong
Server #3 is in USA
Server #4 is in Japan
Server #5 is in UK

I think it’s more of an issue with Nord, inspect their forums to see if others have encountered this.

Checked with NordVPN, the following is their reply:

"Firstly, please note that unfortunately, we do not have any guides on setting Failover with our services on PfSense routers.

Thus, it seems like the set-up you are trying to do here is outside of our knowledge or assistance scope.

Moreover, the Gateway IP and Subnet are not assigned by NordVPN."

So both 10.8.X.X for the NordVPN interface & 10.8.X.1 OpenVPN gateway IP are issued by pfSense.

Does anyone know where these IPs come from?

That doesn’t sound right.

If I setup an OpenVPN server, the gateway IP comes from the tunnel IP address.

It must be the case that the server sets this, I don’t see how pfSense can.

I am not talking about the gateway before the pfSense router. I am talking about the gateways that are set by pfSense for each NordVPN interface.

Me too. If you set up the OpenVPN server you’ll see what I mean.

This is what ChatGPT suggests editing manually.

Set "IPv4 Tunnel Network": vpn_set_tun_local <clients_name> <ipv4_tunnel_network>

Set Gateway IP: route_add_vpn_gateway_ip <client_name> <gateway_ip>

I will back up the config files, then try it.
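
A check for the condition discussed in this thread (two OpenVPN client interfaces ending up with the same gateway IP or overlapping tunnel subnets), added here as an example and not part of any post. It assumes client interfaces are named `ovpncN` and that `ifconfig` prints point-to-point addresses as `inet <local> --> <peer> netmask 0x...`; the sample output and all addresses in it are constructed.

```python
import ipaddress
import re

# Constructed sample of `ifconfig` output (assumed format, invented addresses).
SAMPLE_IFCONFIG = """\
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.0.4 --> 10.8.0.1 netmask 0xffffff00
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.1.7 --> 10.8.1.1 netmask 0xffffff00
ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.1.9 --> 10.8.1.1 netmask 0xffffff00
ovpnc4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 10.8.3.2 --> 10.8.3.1 netmask 0xffffff00
"""

IFACE_RE = re.compile(r"^(ovpnc\d+):")
INET_RE = re.compile(r"^\s+inet (\S+) --> (\S+) netmask (0x[0-9a-f]{8})")


def parse_tunnels(text):
    """Map each ovpnc interface to (tunnel network, gateway/peer address)."""
    tunnels, iface = {}, None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            iface = header.group(1)
        elif line and not line[0].isspace():
            iface = None  # header of a non-OpenVPN-client interface
        elif iface:
            m = INET_RE.match(line)
            if m:
                local, peer, mask = m.groups()
                prefix = bin(int(mask, 16)).count("1")  # hex netmask -> prefix length
                net = ipaddress.ip_network(f"{local}/{prefix}", strict=False)
                tunnels[iface] = (net, ipaddress.ip_address(peer))
    return tunnels


def find_conflicts(tunnels):
    """Return pairs of interfaces sharing a gateway IP or an overlapping subnet."""
    names = sorted(tunnels)
    conflicts = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (net_a, gw_a), (net_b, gw_b) = tunnels[a], tunnels[b]
            if gw_a == gw_b or net_a.overlaps(net_b):
                conflicts.append((a, b, str(gw_a), str(gw_b)))
    return conflicts


if __name__ == "__main__":
    for a, b, gw_a, gw_b in find_conflicts(parse_tunnels(SAMPLE_IFCONFIG)):
        print(f"conflict: {a} (gw {gw_a}) and {b} (gw {gw_b})")
```
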