- vpn-pool1.offseclabs.com
- vpn-pool2.offseclabs.com
These hostnames are backed by GeoDNS-based load balancing.
Depending on the client’s geographic location, DNS resolution will direct traffic to one of our regional OpenVPN endpoints:
- EU2: lb-eu2-prod.uvpn.ospl.offseclabs.com
- NA3: lb-na3-prod.uvpn.ospl.offseclabs.com
- AP1: lb-ap1-prod.uvpn.ospl.offseclabs.com
Important Note on IP Address Changes
Because GeoDNS routing is dynamic, the resolved IP addresses may change over time as traffic is shifted between regions or load balancer nodes.
Firewall Request
Please allow outbound UDP port 1194 to the VPN pool hostnames above, or alternatively to the full set of regional load balancer IP ranges supporting:
- EU2
- NA3
- AP1
In the case where IP Allowlisting is required, allow UDP/1194 to the following IP addresses:
- 198.244.169.74
- 54.36.227.175
- 51.89.135.88
- 51.89.135.148
- 51.68.218.236
- 142.44.251.218
- 142.44.251.219
- 142.44.251.220
- 142.44.251.221
- 142.44.251.222
- 51.79.170.67
- 51.79.169.187
- 51.79.169.191
- 51.79.170.83
- 51.79.170.192
Protocol/Port: UDP 1194 (OpenVPN)
Troubleshooting – Verifying Current VPN Endpoint IPs
Because the VPN pools use GeoDNS and load-balanced regional endpoints, the resolved IP addresses may change over time.
If firewall rules are configured using static IP addresses instead of FQDNs, please verify that the currently resolved IPs match those allow-listed.
Step 1 – Resolve the Regional Load Balancer Hostnames
Run the following command from a system with DNS access:
host lb-eu2-prod.uvpn.ospl.offseclabs.com host lb-na3-prod.uvpn.ospl.offseclabs.com host lb-ap1-prod.uvpn.ospl.offseclabs.com
lb-eu2-prod.uvpn.ospl.offseclabs.com has address 198.244.169.74 lb-eu2-prod.uvpn.ospl.offseclabs.com has address 54.36.227.175 ...
Confirm all returned IP addresses are present in the firewall rules.
If new IPs appear, they must be added to the allow list for:
Protocol: UDP
Port: 1194
Step 3 – Test Connectivity (Optional)
After updating the firewall, connectivity can be validated by attempting a VPN connection using the provided configuration pack.