[SOLVED] Can't set up multiple VPN client instances

Discussion in 'Asuswrt-Merlin' started by bananabrain, Apr 2, 2020.

  1. bananabrain

    bananabrain New Around Here

    Joined:
    Sep 15, 2019
    Messages:
    6
    Evening folks,

    I have an RT-AC86U running firmware 384.15.

    My question is, how are the five VPN client instances intended to be used?

    My guess is that each can hold a different configuration for one of your VPN provider's servers (geographically diverse/different intended use, or whatever), and that only one client instance should be active at one time. Please correct me if I'm wrong.

    Recently, for the first time, I had reason to use a second client instance configured for a different VPN server. What I've found since then is that, whatever I do, the router blocks internet access if I use any of client instances 2 to 5.

    I set up a spare slot with the new VPN configuration file from my provider, and every field is identical to the configuration in client instance 1 (except, obviously, the server address), and also has an identical set of client traffic routing rules.

    I then set client instance 1 to stay down on boot, the new client instance to start on boot, then reboot...

    ...and have no internet access from my LAN.

    Code:
    $ ping archlinux.org
    PING archlinux.org (138.201.81.199) 56(84) bytes of data.
    From _gateway (192.168.1.254) icmp_seq=1 Packet filtered
    From _gateway (192.168.1.254) icmp_seq=2 Packet filtered
    From _gateway (192.168.1.254) icmp_seq=3 Packet filtered
    From _gateway (192.168.1.254) icmp_seq=4 Packet filtered
    ^C
    --- archlinux.org ping statistics ---
    4 packets transmitted, 0 received, +4 errors. 100% packet loss
    

    I haven't found anyone in here with similar issues, so I hope someone can kindly help me find where I've gone wrong.

    Phil
     
  2. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,502
    To run either a VPN client one at a time, with each client being to a different server, or multiple clients, be sure that you don't have "Block routed clients if tunnel goes down" set in any of the VPN clients.

    It may be possible to selectively block using scripts so that if any VPN client is running but not through the GUI.
     
  3. bananabrain

    bananabrain New Around Here

    Joined:
    Sep 15, 2019
    Messages:
    6

    That's it!
    Thank you so much...
    There was nothing about your advice that was obvious to me.

    So in that case... the failsafe kill switch is unusable if more than one client session is loaded with a VPN server configuration - even if only one session is in use and all the others are disabled?

    Very strange...

    Again, many thanks.

    Phil
     
  4. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,502
    You might be able to keep the kill switch working but you will have to test for yourself.

    First, on the client you are running, disable the kill switch and hit the Apply button. Then turn the service state off and hit the Apply button.

    The second step would be to go into your next client and first activate the kill switch, then turn the service state on.

    If the kill switch is important, run the experiment and see what happens.
     
  5. bananabrain

    bananabrain New Around Here

    Joined:
    Sep 15, 2019
    Messages:
    6

    This is very confusing, but your advice is excellent.

    I can use a client kill switch (i.e. "Block routed clients if tunnel goes down") on any of the five client instances as long as I begin from a position of all kill switches being set OFF and then applied.

    After that, switch ON the kill switch in the client intended for use, and apply.
    Finally, enable the service for that client.

    It's very simple, but I never would have guessed it without someone telling me.

    Thanks again, you've been a great help.

    Phil