connect 2 vpn at the same time?

CaptainSTX, awesome pics, I'm envious, will have to consider a temporary roll-back if only to see how the AC3200 handles it. If/when you have time, wondered what your CPU and temps average depending on what bandwidth?

Jack Yaz, thank you both for your time, sarcasm wasn't intended to be derogatory on my post, but the internet has a way of not grasping any sense of humor, wry or otherwise.
 
The router I showed the screen shots for is the first router in a double NATed string. I run the three VPNs on it and AI protection. The temperatures are 2.4 GHz 54 C, 5 GHz 55 C and the CPU 82 C. Most of my traffic (90%) passes through this router to another router and a VPN appliance so the CPU load on either core is usually less than 10% unless I run a speed test.
 
CaptainSTX, I've tried drawing a line through the sensitive areas on screen shots, and it's not as easy as you made it look. Pulling a rectangle then cutting a block out with the trackball to erase the addresses, ID, PW works, but makes it look like a black hole popped in. Red lines get one's attention.

The temps on our RT-AC3200 always run between 43C-55C across all of the radios/CPU. There was no video streaming in the photos I posted with this, just regular traffic, and the temps reflect this. Running high-def YouTube flicks on both the iPhone and iPads never pushed temps over 55C. Depending how much bandwidth is flowing with video streams over Ethernet to the 4K TV and/or the Roku Ultra downstairs, the router CPU and radios have always been stable. We've been lucky with this unit or maybe it was built on a Wednesday, so except for a couple of problems, no complaints on this model. I've never actually tried streaming 4K video over Wi-Fi since the router is within four feet of the TV and video boxes, 8 feet of CAT7 to the downstairs switch. Doing so would definitely stress the radios and raise temps. A 4-inch silent fan a foot away is pointed down at the side/bottom of the 3200. Three concurrent OpenVPN configs, with one config used for video, shouldn't cause problems with conservative use.

V380.66_6 was the last release before the 3200 was restricted to two OpenVPN tunnels. Since I'd erroneously believed it wasn't possible to run two concurrent configs, I've always upgraded the routers whenever security warranted. You fellows have certainly earned your MVP/VSM badges by helping break new ground for me with this thread, more than any other. I've built an offline screen shot archive of relevant pages over the years which has helped as I go along. I'll roll back to v366.6_6 to see how three OpenVPN configs and side issues compare to how it runs now. I'll lose a few fixes and drop a notch with OpenVPN, but nothing that should send me or router to never-never land.

I've never dropped back that many builds just to have one valuable feature only, but the router will always have at least one stable config on client 1 to work with. I'm going to isolate the router and test through a port on our PfSense box, so the rest of the LAN stays running and to avoid any possibility of incurring wife-wrath.

Reports of GUI slowdowns/stalling and other side issues apparently increased after v367.0 if my research is correct. I looked at as many reports as possible across all models from v365.0 to v380.68_4, involving multiple configs, GUI, 2.4/5 GHz radio temps, Wi-Fi dropping, etc. The GUI problems were the worst of the symptoms for our router, with the date/time swap-bug taking 2nd place. Its GUI issues materialized post-380.68_4 and only after I'd begun testing multiple OpenVPN configs, one at a time, using only client 2 for each config change. The same configs have all proven error free.

V380.68_4 was the most trouble-free, smooth upgrade ever for me, but the GUI crashing had me ready to pull and RMA the unit; glad I didn't. High temps seem to be related in what I've read, but which this unit never had, and no other model seemed to experience severe GUI crashes. Anyone with information on going back to 380.66_6 or further to test multiple configs on this model, please post. Thanks again for posting your photos, Cheers.
 

Attachments

  • 2opv1serv.png
  • alltemps.png
  • radtemps.png

"What I am ultimately trying to do is get say 192.168.1.5 to go via vpn 1 and 192.168.1.6 to go via vpn 2. Easy by simply using policy rules to redirect internet traffic but I can't get the second vpn to connect without disconnecting the first one."

I would like to do this too - and have been trying for years - but keep being confronted by the same issue.

Let's keep it simple: I use Astrill but I can also use TorGuard - both well known - both allow multiple logins.

I want two VPN Clients connected 24x7.

Maybe the secret is using Exclusive DNS. For testing purposes, I am willing to limit the test to just one device (per tunnel).

Do I need to use a script or can Merlin 380.68 handle that from the GUI using Policy Routing?

@princi,
I have a recent story to add on to what @Martineau posted here

On my pfSense appliance, I have two OpenVPN clients configured with firewall rules set to route connections from specific clients and domain names thru specific VPN clients.

I recently added a third OpenVPN client and created firewall rules to route certain traffic to this tunnel.

It worked most of the time.

Sometimes though, the second and third OpenVPN clients had the same Virtual Address. This causes my selective routing firewall rules to not work. To fix, I had to bounce either the second or third OpenVPN client until it got a unique Virtual IP Address e.g. 10.8.0.1. My provider is TorGuard.

How can two OpenVPN clients get the same Virtual Address? How to prevent?

If I just have two OpenVPN clients running at a time, everything works fine. Adding the third OpenVPN client causes the issue.

I went back and looked at the VPN provider's specs (changed recently for OpenVPN 2.4). I changed the port configuration and the encryption assigned to that port number on each client. From the specs table, this should ensure that each client gets a virtual IP address that is on a different subnet. Snip below.

| Port | Protocol | Subnet | DNS | Data Encryption | Data Authentication (for signing packets) | TLS Handshake | Diffie-Hellman (session key) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 443 | UDP | 10.9.x.x | 10.9.0.1 | cipher BF-CBC*; cipher AES-128-GCM:AES-256-GCM:AES-256-CBC** | HMAC-SHA1 | 2048 bit RSA | 2048 bit |
| 443 | TCP | 10.8.x.x | 10.8.0.1 | cipher BF-CBC*; cipher AES-128-GCM:AES-256-GCM:AES-256-CBC** | HMAC-SHA1 | 2048 bit RSA | 2048 bit |
| 80 | UDP | 10.22.x.x | 10.22.0.1 | cipher AES-128-CBC*; cipher AES-128-GCM:AES-256-GCM:AES-256-CBC:BF-CBC** | | | |

I have had no more issues since making the change!
 
Last edited:
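
A check for the collision described in the post above, as an added example that is not part of the thread or any poster's code. It parses `ip -o -4 addr show` output (the sample lines are constructed and the `tunN` interface names are an assumption) and flags OpenVPN client tunnels that share a virtual address or subnet, the condition under which the selective routing rules stopped working.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample of `ip -o -4 addr show` output for three OpenVPN client
# tunnels; interface names and addresses are made up for this example.
SAMPLE = """\
12: tun11    inet 10.9.0.14/16 brd 10.9.255.255 scope global tun11
13: tun12    inet 10.8.0.22/16 brd 10.8.255.255 scope global tun12
14: tun13    inet 10.8.0.22/16 brd 10.8.255.255 scope global tun13
"""

# The prefix is optional so point-to-point lines ("inet A peer B/32") also parse;
# an address without a prefix is treated as a /32.
LINE = re.compile(r"^\d+:\s+(tun\d+)\s+inet\s+(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", re.M)


def parse_tunnels(text):
    """Return {interface name: IPv4Interface} for every tunN line in text."""
    return {name: ipaddress.ip_interface(addr) for name, addr in LINE.findall(text)}


def find_conflicts(tunnels):
    """Return (if_a, if_b, reason) for each pair of tunnels that collide."""
    conflicts = []
    for (a, ia), (b, ib) in combinations(sorted(tunnels.items()), 2):
        if ia.ip == ib.ip:
            conflicts.append((a, b, "same virtual address"))
        elif ia.network.overlaps(ib.network):
            conflicts.append((a, b, "overlapping subnet"))
    return conflicts


if __name__ == "__main__":
    for a, b, reason in find_conflicts(parse_tunnels(SAMPLE)):
        print(f"{a} and {b}: {reason}")
```

Run after each client reconnects; an empty result means every tunnel sits on its own subnet, which is what the per-port subnet assignment in the provider's table is meant to guarantee.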
CaptainSTX, I've tried drawing a line through the sensitive areas on screen shots, and it's not as easy as you made it look. Pulling a rectangle then cutting a block out with the trackball to erase the addresses, ID, PW works, but makes it look like a black hole popped in. Red lines get one's attention.

Take a look at Greenshot. It offers tools for both obfuscating and highlighting regions.
 
For those of you that asked, here are screen shots of the three VPN configurations I have running on my AC1900P.

Some of the custom settings may not be showing so if you are using that VPN provider and you need to see exactly what is in the box let me know and I will post that.

Thanks for trying. However, too fuzzy for me to read. Time for glasses, I think. I’m holding out as long as I can.

Good to see that you use Astrill too.
 
Indeed, thank you RMerlin, much obliged. Princi, seriously, you may want to try a few sets of different focal-length reading glasses. I had a $400 pair of bifocal glasses that weren't helpful for computer work. I picked up a pair of $1.00 readers from a dollar-type general store, then went to several pair. They hold up quite well and are easy to replace when run over or stepped on. The doc talked me into losing my cataracts a few years ago. The procedure made everything much brighter. He didn't mention he'd inserted 20/20 permanent lenses to replace what he removed. Couldn't figure at first why I couldn't see a screen or shave, and was happier being nearsighted. I used the 4K TV and 30 inch HD monitor for color and general detail, and the headaches from eye strain went away when I found the cheap readers.

I turned off the vent fan on the AC3200 streaming 4K, the temps shot up to 70C in a few seconds. Turned the fan back on and in under a minute it was down to 53C again.

Greenshot is excellent and will make life easier. Hard to beat the spirit of people helping each other, humble thanks gents.
 
Xentrk, Had been searching the forum, and though this is dated, it's closely related to what I'm working on. Remembered you'd tried to run three concurrent OpenVPN configs (#24) on your PfSense machine last year and we've had two concurrent OpenVPN configs/clients running on the AC3200 for over a year now, and have managed to get a third client (making two video streams) to run, with no address/port conflicts, but it has the effect of dragging the 3200 cores down, when I added that second video client to the other two, regardless of how the clients were numbered. Three configs was touched on in #11 and the pics in #20 for the RT68 (I couldn't enlarge) along with your post and you'd settled for running two clients due to virtual address conflicts on your PfSense machine.

Forward to this year, 10/2018, we were about to upgrade from the AC3200 to an AC86U, when the prime OpenVPN blocks occurred. TG's replacement IPs have tested well so am getting back to this project. I wondered if you'd ever gotten three concurrent OpenVPN clients running on your PfSense box or your Asus, or if others have had good luck distributing three clients among the Asus cores? The PfSense 4-core Intel box should be able to easily handle three OpenVPN clients if there aren't conflicts, and as three clients run (though straining) on the 3200, the 86U's CPU should handle the third client, if we can balance the load; then I will retask the 3200. Phrased that best as I could; many thanks.
 
I run three OpenVPN clients on pfSense since I changed over to it as my primary home router. I still get 6 times the OpenVPN performance I see on the AC88U over WiFi and more than that on an Ethernet connection.

For the Selective Routing project on the Asuswrt-Merlin on AC88U, I am testing with up to five OpenVPN clients at a time.

I installed an AC86U for another expat and was never able to achieve the improved OpenVPN performance others have reported. No difference in performance compared to my AC88U. A major let down after seeing the vastly improved performance others reported. Disappointed I am!
 
Xentrk, Aha, thank you, good to know you got three clients working, needed a light-bulb moment today. Five OpenVPN clients on the 88U should be enough to keep most happy:) This means our Intel box comes off the shelf to be retasked/reloaded and I'll have to dust cobwebs out of the neurons before it gets much colder. Had thought the AC86U would get us at least the 2 video streams plus one non-vid port out to the other switch, so the 3200 could ease off to AP status. Have researched until the eyes burn but still haven't come up with the way to properly allocate the client across the 1-gig dual-core. The AC86 with extra discounts was a steal when the price dropped, figured the 1.8 gig would surely handle three OpenVPN clients. The 86U will be a better backup than the AC3200 for a while. Getting used to having three dependable powerful OpenVPN clients on the PfSense box begs for backup for that. Replaced the Xeon with an i5 3-gig CPU to be compatible with AES-NI, and have a spare AMD 8300 chip and extra parts that could double as a spare router, though it would be overkill. Much appreciated:)
 