Changing VPN Client

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

DaveInNepean

New Around Here
Hello! I'm new to the forum and new to asuswrt-merlin as well. I wanted to be able to route only certain devices to a VPN, and since I've always been a fan of Asus routers, the path led to a new RT-AC86U, upgraded to ususwrt-merlin to get the selective routing capability.

My setup all went fine and it was all working very well. But I hit one streaming service that was detecting I was on a VPN and denying me access. I decided to set up a second VPN client to play with different servers (this is using ExpressVPN BTW). I created an exact duplicate of Client 1 but set different ExpressVPN servers. None of them worked. Even using the same server s Client 1, it was not working. I switched back to Client 1 and confirmed it was still working properly. I decided it was time for a reboot and rebooted the router. Now Client 2 was working just fine.

So, my question - is it reasonable to expect that I should be able to switch VPN clients without a reboot? The process I was using for switching was to turn off the active VPN client first, and then turn on the other one, so I never had two active at the same time.

Thanks.
 

CaptainSTX

Part of the Furniture
The issue maybe that while your VPN provider advertises that you can have multiple simultaneous VPN connections they will not permit multiple connections on a single device i.e. your router.

Try changing the port that your VPN connects to as this might make it work. Not all VPN providers offer this option.
 

eibgrad

Very Senior Member
Could be a timing issue. When using UDP, the server doesn't really know for sure when the client is disconnected since UDP is a stateless protocol. It can only *guess* based on the lack of activity over some period of time. Using TCP instead, which is stateful, the server knows exactly when the client has departed since it sends a reset message to its peer. And if your VPN provider has some rules about concurrent usage, even if it isn't from your perspective, the server might see it that way and refuse the connection, at least initially.

P.S. Because it's UDP, it's also possible the server thinks the second OpenVPN client is the first OpenVPN client! But the packet sequence doesn't match up, and so the server gets confused and refuses to continue.
 
Last edited:

eibgrad

Very Senior Member
Btw, I know you claim you never had these OpenVPN clients working concurrently (from your perspective), but in case you ever do, be aware that this can create problems, esp. when using the *same* OpenVPN provider. It's NOT uncommon for any given VPN provider to use the same IP tunnel network for many of their servers (e.g., 10.8.0.0/24). And if you successfully establish concurrent OpenVPN connections, one or the other OpenVPN client isn't going to work because of the routing ambiguity you've created.
 

chongnt

Regular Contributor
Btw, I know you claim you never had these OpenVPN clients working concurrently (from your perspective), but in case you ever do, be aware that this can create problems, esp. when using the *same* OpenVPN provider. It's NOT uncommon for any given VPN provider to use the same IP tunnel network for many of their servers (e.g., 10.8.0.0/24). And if you successfully establish concurrent OpenVPN connections, one or the other OpenVPN client isn't going to work because of the routing ambiguity you've created.
I face this issue with NordVPN when trying to create two VPN clients concurrently. All UDP connection are assigned local ip 10.8.0.0/24 range. If I have two active UDP VPN connections, I can be lucky one get 10.8.0.0/24 and the other get 10.8.3.0/24 subnet when turn in on. But every hour the key expire and I am not sure if the renewal process will get assigned new local ip. I have few occasions the next day both connections end up in the same subnet. A workaround to have two active VPN connections for NordVPN is to use UDP (10.8.0.0/24) and TCP (10.7.0.0/24) as they use different subnet. With this even after key renew/IP refresh both connections won't end up in the same subnet.

Regarding streaming, my local provider blocks VPN connection. I am not sure how they do it, probably by IP as there are not many VPN servers available in my country. What I did was use x3mRouting and create ipset to route the streaming services directly to my WAN interface. All traffic is routed to VPN clients but the streaming is sort of leaked to WAN for it to work.
 

royarcher

Very Senior Member
Hello! I'm new to the forum and new to asuswrt-merlin as well. I wanted to be able to route only certain devices to a VPN, and since I've always been a fan of Asus routers, the path led to a new RT-AC86U, upgraded to ususwrt-merlin to get the selective routing capability.

My setup all went fine and it was all working very well. But I hit one streaming service that was detecting I was on a VPN and denying me access. I decided to set up a second VPN client to play with different servers (this is using ExpressVPN BTW). I created an exact duplicate of Client 1 but set different ExpressVPN servers. None of them worked. Even using the same server s Client 1, it was not working. I switched back to Client 1 and confirmed it was still working properly. I decided it was time for a reboot and rebooted the router. Now Client 2 was working just fine.

So, my question - is it reasonable to expect that I should be able to switch VPN clients without a reboot? The process I was using for switching was to turn off the active VPN client first, and then turn on the other one, so I never had two active at the same time.

Thanks.
What streaming service is being blocked?. You could try express VPN,s DNS server. I ran into a problem with Amazon prime with express VPN so I use their streaming service (smart DNS) and no problem
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top