OPNsense Forum

English Forums => 18.7 Legacy Series => Topic started by: jkemp on December 31, 2018, 09:41:11 pm

Title: Need some suggestions on cloning VPN client
Post by: jkemp on December 31, 2018, 09:41:11 pm
Hello Everyone,

I have an issue I need some help with. I created an OpenVPN client which is working. I also created three other clients by cloning the first client.

None of the clones work. They connect with the end result being: Initialization Sequence Completed and stay connected, but no data throughput.

I have verified all the settings are correct. From host address to certificate for each client. All three are different. The other settings are the same between the three clients. Is there another setting that must be made in order for all four clients to connect and have throughput? Not at the same time, but switching between them.

The first client connects and data flows as normal.

Another question, if I may?

Can all the clients remain active while only one instance is connected? Currently I disable the previous client, but was curious whether I could leave them all enabled and just start one instance?

Thank you for any responses and time spent on this issue.
Title: Re: Need some suggestions on cloning VPN client
Post by: bartjsmit on January 01, 2019, 09:27:57 am
Do you control the OpenVPN server? If so, add a 'log-append /var/log/some/location' to its config file and reload. Subsequent error messages will give some guidance. You will also need 'duplicate-cn' and 'max-clients' to allow multiple concurrent connections from the same client. Full details are here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Also remember that OpenVPN uses UDP by default. If the client does not explicitly disconnect, the server may consider the connection still open for some time.

Bart...
Title: Re: Need some suggestions on cloning VPN client
Post by: jkemp on January 01, 2019, 01:19:29 pm
Hello bartjsmit,

Thank you for the suggestions. I will add the log-append.

No, I do not control the server. It is a NordVPN server.

Also, I do not wish to have concurrent connections. I only need to switch to different NordVPN servers. In other words I added a few of their servers in the event one is down or faster. I shut down the client before connecting another one in the list I create.

The very first client I created connects no problem. It is the remaining clones that do connect but no data is passing.

So I was really asking if the clone feature has a bug maybe. I edited the clones to make sure the certificates were unique and a few were. So I made those changes. Still, will not work.

I'm starting to think the UDP protocol is not releasing the client on my end, and the server end, like you mention.
Title: Re: Need some suggestions on cloning VPN client
Post by: bartjsmit on January 01, 2019, 02:38:17 pm
You can set multiple hosts in a single client config by adding a 'remote host port proto' line for each. This will give you resilience against hosts being down. No preference on speed though.

Bart...
Title: Re: Need some suggestions on cloning VPN client
Post by: jkemp on January 01, 2019, 10:01:50 pm
Wow! Thank you, bartjsmit

That shortens my list significantly.

Does that approach work similar to the 'remote-random' that can be entered into the advanced setting?

I can see that I can group clients that use the same certificate from the same city.

But when I add a few clients from another city in a new client group, the same thing happens.
It will connect, but no throughput. Even though I shut down the previous client.

But I like the idea of listing several clients under one city description.

Title: Re: Need some suggestions on cloning VPN client
Post by: bartjsmit on January 02, 2019, 09:13:42 am
Remote random provides some crude load balancing between servers. Without it, the client will always try the first server first.

The man page is an Aladdin's cave of hidden gems, and well worth reading top to bottom at least once ;-)

I reckon you need to speak to NordVPN about the failed connections.

Bart...
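
The multi-remote setup discussed in this thread, written out as an OpenVPN 2.4 client fragment. This is an added example, not part of the original posts: the hostnames and port are placeholders, and the timeout value is an assumption to adjust.

```conf
# Added example: OpenVPN 2.4 client fragment (placeholder hosts, not real servers).
client
dev tun

# One 'remote host port proto' line per server. Without remote-random the
# client always tries the first entry first and moves down the list on failure.
remote vpn-a1.example.net 1194 udp
remote vpn-a2.example.net 1194 udp
remote vpn-a3.example.net 1194 udp

# Shuffle the remote list at startup: crude load balancing, no speed preference.
remote-random

# Give up on an unresponsive server after 10 seconds (assumed value)
# and move on to the next remote in the list.
server-poll-timeout 10

# Keep retrying name resolution instead of exiting when a host does not resolve.
resolv-retry infinite

# UDP only: notify the server when the client exits, so the server does not
# keep treating the old session as open after switching.
explicit-exit-notify 2

# Every remote above shares this profile's ca/cert/auth settings, so list
# together only servers that accept the same certificate and credentials.
```

If the first remote answers, the others are never contacted, so test each host on its own before relying on the list for failover.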