Dual OpenVPN tunnels not working, as intended

menomenic · February 11, 2022, 11:11am

Hello everyone,

I am running the latest openwrt on a wrt3200acm router with a standalone ap.

So far so good.

Now i wanted to add a VPN connection using nordvpn i followed this youtube link https://youtu.be/pZN4XusnwSw

I did the .auth, interface and firewall section.
At this point everything is good.
But then i wanted another vpn connection and uploaded a second configuration file on openvpn.

I set everything up and the problem started.
The second interface connection is using the first vpn and the first interface isn't working.
If i click start stop several time on the first vpn service, i got my connection back of the first interface but the second interface doesn't have a connection.
And sometime the first interface is running on the second vpn connection and the other way around!

eduperez · February 11, 2022, 12:55pm

I see no bug here...

You configured a VPN connection, and requested to direct all traffic through it. Then you configure a second VPN connection, and also request to send all traffic through it.

Perhaps you could explain how you want it to behave, and someone will help you configure it accordingly.

menomenic · February 11, 2022, 1:39pm

I want multiple VPN connections, with multiple interface threw it.

If i make 1 VPN connection everything is good, i got two interface using it,
But when adding a second VPN connection trouble begin with strange problems.

Example i want;

VPN connection 1 > interface 1 & 2
VPN Connection 2 > interface 3 & 4

What happens is;

VPN connection 1 > interface 1 & 2 ; interface connection 1 & 2 is using vpn connection two
VPN Connection 2 > interface 3 & 4 ; interface 3 & 4 has no connection.

If i stop and enable the vpn connection i got interface 1 & 2 over VPN connection 1 but VPN connection doesn't work or i have my real ip adres, this could also be the same around for VPN connection 2 with VPN connection 1

mk24 · February 11, 2022, 1:52pm

You need vpn-policy-routing. Without helper programs like that the plain Linux kernel doesn't have a way to handle two WANs.

menomenic · February 11, 2022, 2:00pm

Those red arrows needs to be that up address except it are the blue ones.

And with the red SSID'S I don't get a connection except if I stop and enable the von connection in openwrt.

I don't now why the interfaces are changing from te vpn connection.

menomenic · February 11, 2022, 2:02pm

I made some pictures to explain it better

mk24 · February 11, 2022, 2:18pm

You need to disable or forget networks that you don't want Windows to try to connect to. That is purely a Windows issue.

menomenic · February 11, 2022, 2:24pm

Those connection will not autoconnect if i start/stop in OPENWRT>VPN>OPENVPN the .ovpn files i get different results

frollic · February 11, 2022, 2:26pm

that have nothing to do with the issue at hand.

Win tries to find a wifi with internet connectivity, if it doesn't, it disconnects and moves on.

menomenic · February 11, 2022, 2:38pm

This has nothing to do with windows, maybe it is confusing using photos with windows on it.

frollic · February 11, 2022, 2:41pm

wow, that's not a contradiction at all ...

the problem is your VPN, not windows, right ?

mk24 · February 11, 2022, 2:45pm

Again if you want the effect of two routers in one box you need helper programs like vpn-policy-routing to set up filtering and directions in the kernel for some users to use one default route and some to use another.

By default the OpenVPN client sets up to default route all Internet requests through the VPN tunnel, as it is assumed that only one instance of the client will be running. Starting a second instance will cause a breakdown.

The firewall forward rules only define which paths are allowed to route. The routing tables say what will actually be routed.

menomenic · February 11, 2022, 2:47pm

Indeed the problem is the VPN, i would like to make a sreenvideo it will explain more, will this be usefull?

The interface connected to the vpn tun. interface are changed from the .ovpn file or something like that

menomenic · February 11, 2022, 3:00pm

Great do you have more information how to setup (noob) and use vpn-policy-routing?

I found this article https://docs.openwrt.melmac.net/vpn-policy-routing/

opkg update
opkg install vpn-policy-routing luci-app-vpn-policy-routing

RuralRoots · February 11, 2022, 4:12pm

That’s the one.

Pay attention to: https://docs.openwrt.melmac.net/vpn-policy-routing/#basic-openvpn-client-config
and
https://docs.openwrt.melmac.net/vpn-policy-routing/#multiple-openvpn-clients

menomenic · February 11, 2022, 6:22pm

Thanks, could you better explain this maybe a noob guide?

Also why if i click the stop button, both vpn's stops and when i click start again the other vpn start but not the vpn that where the button belongs to?

menomenic · February 12, 2022, 1:03pm

I did this in the firewall nat rules is this what you mean, also this doesn't work either

eduperez · February 14, 2022, 8:44am

You will probably get better support if you try to follow the current documentation and ask specific questions, rather that ask for yet another guide tailored to your needs.

menomenic · February 14, 2022, 10:07am

I followed the guide and think there is some kind of bug when adding more then one vpn