
VPN - test cases - client to site, site to site.

Discussion in 'VPN' started by RemoveByFriction, May 1, 2019.

  1. RemoveByFriction

    RemoveByFriction New Around Here

    Joined:
    May 1, 2019
    Messages:
    1
    Dear forum users,

    Have you come across an OpenVPN configuration that allows the connection to switch automatically
    from a UDP tunnel to TCP?
    I note that I do not mean doing this with OpenVPN Access Server.
    The issue is that I would like such a configuration to apply to restrictive firewalls.
    The idea is that if it is impossible to establish the VPN tunnel using UDP,
    the client automatically tries to create a connection on TCP port 443.
     
    Last edited: May 5, 2019
  2. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    233
    You can use the remote directive to define additional possible OpenVPN servers you're interested in.

    Code:
    remote 199.199.199.199 5353 udp
    remote 188.188.188.188 443 tcp
    ...
    Just add it to the Custom Config field. The OpenVPN client will traverse the list, in order, until it gets a connection. If that fails, it returns to the top and tries again. Ad infinitum.

    But this only works if those servers are configured w/ the same CA cert, client certs and keys, etc. Sometimes that's the case (e.g. PIA), sometimes NOT (e.g., NordVPN).
     
    RemoveByFriction likes this.
  3. Marin

    Marin Very Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    762

    I am assuming the 199.xxx... are IPs of the VPN servers.

    Also, if there are more VPN servers available (and provided that CA certs/keys/etc. are the same), could your Custom Configuration lines be modified to this?


    Code:
    remote 103.86.96.100 1194 udp
    remote 103.86.96.100 443 tcp
    remote 103.86.99.100 1194 udp
    remote 103.86.99.100 443 tcp

    Sent from my iPhone using Tapatalk
     
  4. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    233
    Yes to both questions.
     
  5. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    233
    Additional tip.

    If you add the server-poll-timeout directive to Custom Config as well, then you can control how long to wait for a response from the current remote before moving on to the next one.

    Code:
    server-poll-timeout 10

    In the above example, I've instructed the OpenVPN client to only wait 10 secs before moving on to the next remote. This can be very handy given the OpenVPN client might wait as much as a minute (by default) before giving up on the current remote.
     
    RemoveByFriction and Marin like this.
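
Added example, not part of any post in this thread: a small Python lint for the failover setup discussed above. It parses `remote` and `server-poll-timeout` lines, flags a `remote` whose arguments are not in OpenVPN's `host [port] [proto]` order, and estimates how long the client spends on earlier entries before the first TCP fallback is tried. The function names and the sample config are constructed for illustration, and port 1194 and UDP are assumed when a `remote` line omits them.

```python
# Added example: lint the `remote` failover list of an OpenVPN client config.
# Function names and the sample config are constructed for illustration.
PROTOS = {"udp", "udp4", "udp6", "tcp", "tcp4", "tcp6", "tcp-client"}

SAMPLE = """\
# constructed sample, documentation-range addresses
remote 192.0.2.10 udp 1194
remote 192.0.2.10 443 tcp
remote 198.51.100.20 1194 udp
remote 198.51.100.20 443 tcp
server-poll-timeout 10
"""

def parse_failover(text):
    """Return (remotes, poll_timeout, warnings); remotes are (host, port, proto)."""
    remotes, timeout, warnings = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok or tok[0].startswith(";"):
            continue  # blank line or comment
        if tok[0] == "remote" and len(tok) >= 2:
            args = tok[1:4]
            # OpenVPN expects: remote host [port] [proto]
            if len(args) == 3 and args[1] in PROTOS and args[2].isdigit():
                warnings.append(f"line {lineno}: proto before port, expected "
                                f"'remote {args[0]} {args[2]} {args[1]}'")
                args[1], args[2] = args[2], args[1]
            # Assumption: port 1194 and udp apply when the line omits them.
            port = int(args[1]) if len(args) > 1 and args[1].isdigit() else 1194
            proto = args[2] if len(args) > 2 else "udp"
            remotes.append((args[0], port, proto))
        elif tok[0] == "server-poll-timeout" and len(tok) == 2:
            timeout = int(tok[1])
    if remotes and timeout is None:
        warnings.append("server-poll-timeout not set; failover speed is left to the default")
    return remotes, timeout, warnings

def wait_before_tcp_fallback(remotes, timeout):
    """Approximate seconds spent on earlier remotes before the first TCP entry."""
    for i, (_, _, proto) in enumerate(remotes):
        if proto.startswith("tcp"):
            return None if timeout is None else i * timeout
    return None  # no TCP fallback in the list

if __name__ == "__main__":
    remotes, timeout, warnings = parse_failover(SAMPLE)
    for w in warnings:
        print("WARN", w)
    print(remotes, wait_before_tcp_fallback(remotes, timeout))
```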