1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Multiple clients to individual AirVPN servers

Discussion in 'Asuswrt-Merlin' started by bhennink, Apr 24, 2019.

  1. bhennink

    bhennink New Around Here

    Joined:
    Apr 21, 2019
    Messages:
    4
    I have discovered that some servers are blacklisted and checked 8 ones that I made sure of they are OK.

    The normal config is have a config file for all servers in country of interest.
    What happens ig I add for example 5 client entries to one individual server?
    Will they all try to connect or is that a fall back situation where if the 1sty fails, the 2nd kicks in?
    Would that be a valid strategy?

    Greets,
    Bert
     
  2. eibgrad

    eibgrad Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    153
    It's not normal, nor recommended, to have more than one OpenVPN client connected at the same time. At least not when dealing w/ commercial OpenVPN providers. Each OpenVPN provider will attempt to change the OpenVPN client's default gateway to its own VPN. And if you have more than one OpenVPN client active at the same time, you'll create a mess. As each OpenVPN client gets connected, it will stomp on the previous OpenVPN client's changes to the routing table!

    The only time it makes sense to have more than one OpenVPN client is if you are using policy based routing, and plan to send specific clients on the local network through specific OpenVPN clients (e.g., for load balancing purposes, or perhaps to let specific clients appear to be coming from different countries).

    That said, if you want to have more than one OpenVPN server considered for *one* OpenVPN client, then you need to specify those as remote directives in the Custom Config field of that OpenVPN client.

    Code:
    server-poll-timeout 10
    remote 91.227.222.7 5353 # United Kingdom, Cambridge
    remote 91.227.222.7 5000 # United Kingdom, Cambridge
    remote 23.19.26.250 5353 # United States, Los Angeles
    remote 23.19.26.250 5000 # United States, Los Angeles
    ...
    Those remotes will be processed one at a time, round robin, until a connection is made.

    Note, I use the server-poll-timeout directive to limit how long I want the OpenVPN client to wait before trying the next server.
     
  3. bhennink

    bhennink New Around Here

    Joined:
    Apr 21, 2019
    Messages:
    4
    @eibgrad, I think this round robbin solution is exactly what I was thinking of. This is how the desktop app ( Eddie) of airvpn works.
    Could I do this in the ASUS merlin software?

    I would like to combine this with a kill switch in the router;)
     
  4. eibgrad

    eibgrad Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    153
    Yes you can. Here's what I do.

    I sometimes use a free VPN called SecurityKISS.com for development and testing purposes. I have a complete list of all their servers, and so I add them all to the Custom Config field as remote directive.

    Code:
    server-poll-timeout 10
    remote 91.227.222.7 5353 # United Kingdom, Cambridge
    remote 91.227.222.7 5000 # United Kingdom, Cambridge
    remote 69.175.85.2 5353 # United States, Chicago
    remote 69.175.85.2 5000 # United States, Chicago
    remote 78.46.254.48 5353 # Germany, Nuremberg
    remote 78.46.254.48 5000 # Germany, Nuremberg
    remote 217.147.94.149 5353 # United Kingdom, Maidenhead
    remote 217.147.94.149 5000 # United Kingdom, Maidenhead
    remote 178.63.171.106 5353 # Germany, Nuremberg
    remote 178.63.171.106 5000 # Germany, Nuremberg
    remote 178.32.250.32 5353 # United Kingdom, London
    remote 178.32.250.32 5000 # United Kingdom, London
    remote 173.212.205.240 5353 # Germany, Munich
    remote 173.212.205.240 5000 # Germany, Munich
    remote 195.154.232.143 5353 # France, Paris
    remote 195.154.232.143 5000 # France, Paris
    remote 51.38.95.51 5353 # United Kingdom, Gosport
    remote 51.38.95.51 5000 # United Kingdom, Gosport
    remote 51.38.95.36 5353 # United Kingdom, Portsmouth
    remote 51.38.95.36 5000 # United Kingdom, Portsmouth
    #remote 23.19.73.147 5353 # United States, Los Angeles
    remote 23.19.73.147 5000 # United States, Los Angeles
    Notice that *one* of them is commented out. That's the one I specify in the OpenVPN client GUI (Server Address and Port). It's the first server to which a connection is attempted. I chose it because after a lot of testing, I found it to be the one that connects successfully most often. But someone else might choose a server because it's closer, or perhaps more lightly loaded. If that connection is NOT successful (and it will only wait 10 secs to make that determination due to the server-poll-timeout directive (which you can adjust to your liking)), then the OpenVPN client just runs through all the other remotes, in order, until it makes a connection, or has to return to the top of the list and start over.

    There's also a remote-random directive you can add that scrambles the list of remotes first, then runs through the scrambled list. I don't use it, but the OpenVPN documentation suggests using it for load balancing purposes.