How to add and use more then 5 OpenVPN client`s configs?

[Alexander82]

Hi!

My router is Asus RT-AC68U. I need to connect more then 5 OpenVPN servers simultaneously. But the latest stable Asuswrt-Merlin allow to use only 5 OpenVPN client`s configs. How can I to increase the number of OpenVPN client`s configs?

Thank you.

 

[RMerlin]

You can't. 5 is already wasting a lot of precious nvram space, adding more clients is out of the question.

If you need that many clients, you should consider using a server, with sufficient RAM and CPU power to handle that many simultaneous connections.

 

[Alexander82]

Is this maximum only for my router? Or is this maximum for any other, for example, rt-ac3200, too?

 

[RMerlin]

Is this maximum only for my router? Or is this maximum for any other, for example, rt-ac3200, too?

Low-end models support 1 or 2 (I forgot), high-end support 5.

 

[Marko Polo]

But the question here is not to use these 5 connections simultaneously but use them one by one. Why can't I just store these configs?

 

[unsynaps]

You have to store their information somewhere. And that is in NVRAM. Where there is not a lot of space to work with.

Does not matter if the connections are active or not.

 

[Martineau]

But the question here is not to use these 5 connections simultaneously but use them one by one. Why can't I just store these configs?

You should be able to store as many VPN Client configs as you like in a script, then have that script dynamically load a specific VPN into a designated dynamic VPN Client

e.g. Suppose you decide to nominate VPN Client 4 to be a multi-use client.

You could then overwrite the existing VPN Client 4 GUI configuration with appropriate custom data, and restart the client with a different VPN configuration:

service stop_vpnclient4
sleep 20

case $1 in
     config1)
          nvram set vpn_client4_addr="XXX.XXX.XXX.XXX"
          nvram set vpn_client4_proto="udp"
          nvram set vpn_client4_port="PPPP"
          nvram set vpn_client4_clientlist="<UUUUUUUU>0.0.0.0>ZZZ.ZZZ.ZZZ.ZZZ/24>VPN"
          nvram set vpn_client4_local="10.8.0.2"
          nvram set vpn_client4_remote="10.8.0.1"
          ;;
     config2)
          ;;
     config99)
          ;;
esac

# These following values may not need to be changed?

nvram set vpn_client4_if="tun"
nvram set vpn_client4_adns="0"
nvram set vpn_client4_bridge="1"
nvram set vpn_client4_cipher="AES-128-CBC"
nvram set vpn_client4_comp="adaptive"
nvram set vpn_client4_custom="$(echo-e"float\nkeepalive1560\nns-cert-typeserver")"
nvram set vpn_client4_digest="default"
nvram set vpn_client4_enforce="1"
nvram set vpn_client4_firewall="auto"
nvram set vpn_client4_hmac="-1"
nvram set vpn_client4_nat="1"
nvram set vpn_client4_nm="255.255.255.0"
nvram set vpn_client4_poll="0"
nvram set vpn_client4_retry="-1"
nvram set vpn_client4_rgw="2"
nvram set vpn_client4_tlsremote="0"
nvram set vpn_client4_userauth="0"
nvram set vpn_client4_useronly="0"
nvram set vpn_client4_cipher="AES-128-CBC"
nvram set vpn_client4_ncp_enable="1"
nvram set vpn_client4_ncp_ciphers="AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC"

nvram commit

service start_vpnclient4

Many thanks to @john9527's NVRAM Save/Restore script for identifying ALL of the necessary NVRAM variables!

 

[RMerlin]

You should be able to store as many VPN Client configs as you like in a script, then have that script dynamically load a specific VPN into a designated dynamic VPN Client

e.g. Suppose you decide to nominate VPN Client 4 to be a multi-use client.

You could then overwrite the existing VPN Client 4 GUI configuration with appropriate custom data, and restart the client with a different VPN configuration:

Many thanks to @john9527's NVRAM Save/Restore script for identifying ALL of the necessary NVRAM variables!

Don't forget to also update the key/certificates under /jffs/openvpn/ as needed.

 

[DiOnlyThingINoIsThatIDont]

Hello,

I know absolutely nothing about routers, networks, scripts and I do not know if there is a manual (physical or PDF) that explains all this. On the Internet, we are constantly wandering from link to link, so it is very difficult to learn things correctly.

However, OK.

Like Alexander82, I would like to be able to use different VPNs (one at a time).
However, Merlin only has five choices. Which is too little. In addition, for memory, I do not understand the problem, because the price of flash memory is ridiculously low now. So why Asus or other manufacturers do not put more. With the price that routers cost, there should be a lot more memory.

My router is an ASUS RT-AC86U. It works great with NordVPN. I was able to upload .ovpn (udp - apparently it is faster) with no problem. However, as I mentioned, five is too few.

In addition, for the scripts that Martineau mentions, it is Chinese for me and I do not know how to do it at all.
My operating system is Windows 10 Professional.

If I edit for example ca1103.nordvpn.com.udp.ovpn there is:

=============================================================
client
dev tun
proto udp
remote 139.28.218.171 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
…
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e685bdaf659a25a200e2b9e39e51ff03
…
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>

=============================================================
I understand absolutely nothing about it, and yet I would like to do like the NordVPN application but for it to be the router, that does it and not the application.
NordVPN has thousands of servers and I wish I could choose them and upload them to my router.

Thanks in advance if anyone wants to help me.

 

[L&LD]

Welcome to the forums @DiOnlyThingINoIsThatIDont.

With how you've stated things, nothing and no one can help you.

You need to learn (best by doing, failing, and seeing why, then once you taste success, continue that process until you get to your goals), all on your own.

If you really want to learn, I have no doubt you'll be successful.

Start by taking things in bite sized chunks. Starting at the end makes this learning thing seem like a mountain (when it's really not).

 

[RMerlin]

There is no good reason for anyone to need that many OpenVPN clients. You need to rethink your usage scenario.

 

[Kritiker]

There is no good reason for anyone to need that many OpenVPN clients. You need to rethink your usage scenario.

I’m missing something. After a recent firmware update my limit is now 2. In the past I had OpenVPN configurations for 3 or 4 countries but activated only one of them at a time. I suppose I can configure them, two at a time, save the resulting firmware, configure (overwrite) the next two, save that firmware and then just reload whichever of the two firmware images contains the desired OpenVPN client. Not as simple as it used to be. Right now I use a separate, RT-AC68 for that. Better would be to use a Guest SSID for my VPN client use but I haven’t coded anything in years and didn’t get that working the last time I tried a few years ago.

Anyway, thanks for all the work you have put in.

 

[Tech9]

I’m missing something. After a recent firmware update my limit is now 2.

Yes. You missed to read the changelog.

- CHANGED: Reduce max OpenVPN clients to 2 for RT-AC68U and
             DSL-AC68U due to lack of NVRAM on these two
             models.  Note that existing settings are not
             automatically removed, you must run the following
             command over SSH to remove them from nvram and
             the /jffs/openvpn/ directory:

                clear_vpnclients.sh

             A backup will be saved in /jffs/openvpn_backup.tgz.

If you want to continue using this 10-years old router in 2023 you have to live with some limitations.

 

[Kritiker]

I didn’t miss it. I ignored it because my pre-existing OpenVPN configurations were not on this router. They still are on an even older router. I could still revert to 10 but I’ll probably live with it. I was basically commenting on finding more than 2 or 3 OpenVPN configurations useful. I could have expressed it better.

 

[Viktor Jaep]

I didn’t miss it. I ignored it because my pre-existing OpenVPN configurations were not on this router. They still are on an even older router. I could still revert to 10 but I’ll probably live with it. I was basically commenting on finding more than 2 or 3 OpenVPN configurations useful. I could have expressed it better.

I use over 2000+ different random VPN configs using NordVPN, which randomly get assigned to my 5 slots. Check out VPNMON-R2 if that's of interest.

VPNMON - VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

v2.65 - Now with even more SuperRandom(tm) goodness!! Updated January 27, 2024 ***NOTICE*** VPNMON-R2 is being discontinued. Please upgrade to VPNMON-R3 for further support and new development! Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice...

www.snbforums.com

 

[Kritiker]

I use over 2000+ different random VPN configs using NordVPN, which randomly get assigned to my 5 slots. Check out VPNMON-R2 if that's of interest.

VPNMON - VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

v2.65 - Now with even more SuperRandom(tm) goodness!! Updated January 27, 2024 ***NOTICE*** VPNMON-R2 is being discontinued. Please upgrade to VPNMON-R3 for further support and new development! Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice...

www.snbforums.com

Looks interesting. Each of my OpenVPN clients needs to be in a specific country and I want to pick countries merely by activating or deactivating the appropriate client instance. For now I will live with the 2 and explore other options later.

 

[Tech9]

I was basically commenting on finding more than 2 or 3 OpenVPN configurations useful

Probably, but when your router locks up because of NVRAM full no one on the network can use Internet.

 

[Kritiker]

Probably, but when your router locks up because of NVRAM full no one on the network can use Internet.

I am not disputing that.

All I am trying to say is that some of us have the need for a few OpenVPN profiles available but not in concurrent use. If these profiles cannot be stored in NVRAM on my old router then I`ll have to live with that or find another solution. I could buy another router or use the 5 VPN clients, VPN DIrector, YasFI and/or guest networks on my new router. A new(er) dedicated router would be the simplest solution,

I was just trying to repurpose my old router instead of throwing it away and at the moment the 2 configuration limit is the price I am willing to pay to avoid having it lock up etc. That's 2 configurations more than if I had tossed it.

In fact, I am grateful to have learned that the extra configurations could have caused NVRAM problems and that removing them has reduced the likelihood of problems. I value stability.

 

[Tech9]

We already discussed the "need" of 5x VPN clients in another thread. However uses the available VPN clients as VPN configuration storage has the issue. It's a self-created issue and wrong use of available resources. The rest who found better solution to do so don't have issues.

 

[Kritiker]

Excellent!! If possible, I would appreciate your pointing me to this earlier "need" discussion and the "better solutions". I keep coming back here from time to time and have not run across them before. I seem to be using the wrong search terms.
Thank you.