OpenVPN failover, killswitch, same provider

Hello!
Do you guys know if it's possible to use the "failover" function for openvpn on openWRT firmware?

Other firmware works also, it doesn't need to be openWRT.

Thank you for recommendations!!




EDIT:
I could donate or pay if someone could help me set this up, please. (Don't want to be rude but I have tried with this for over 3 weeks now) :heart:

Since we are in the Openwrt forum, let's discuss Openwrt :slight_smile:

Mwan3 can handle multiple levels of primary and backup interfaces, load-balanced or not. Different sources can have different primary or backup WANs.

https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

3 Likes

You can use manual VPN-instance management via LuCI/CLI:
https://openwrt.org/docs/guide-user/base-system/managing_services

Or you can create a VPN profile containing multiple `<connection>` blocks:
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

3 Likes

Thank you all!

I will try to translate and read all that text so I fully understand it.

So you guys mean this is possible with openWRT from almost default?

Amazing!

Pretty much, yes.

1 Like

I am trying really hard to make the Mwan3 setup.

But I don't understand it, please help.

Where do I do this?

Thank you, you guys are awesome on this!

I have tried really hard for 3 weeks now, with different solutions.

I can't make it work, I could pay or donate to OpenWRT if someone could help me with this.

Sorry for this.
Thank you.
:heart:

I see only one LAN interface there. What are your WAN interfaces? Have you installed luci-app-mwan3 as well to help you configure it?
Post the following outputs here.

```
ip -4 addr; ip -4 ro; ip -4 ru; cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/mwan3
```

I thought I was going to test this over vmware fusion to start with.

If it works well I can order an openwrt router.

(my computer ip->vmware openwrt ip -> wan)

What do you think?
Thank you so much!

Still, you need 2 WAN interfaces to test it. I am not an expert with vmware, but I suppose it can be done.
I don't see any reason not to go ahead and buy a router for that. It is a pretty straightforward solution.

Did you try to utilize multiple `<connection>` blocks?
It should be pretty easy to set up.
You can also use multiple `remote` options.
In addition, specify these options:

```
remote-random
resolv-retry n
connect-retry n [max]
connect-retry-max n
connect-timeout n
keepalive interval timeout
```

See also:

Dear Vgaetere, can't you please send me a private message?

So you mean multiple connection blocks are easier than mwan3 for a newbie like me?

Thank you!!

Go to your VPN-provider site, select several servers and modify the VPN-profile like this:

```
remote vpn1.example.org ...
remote vpn2.example.org ...
remote vpn3.example.org ...
remote-random
resolv-retry 1
connect-timeout 30
connect-retry 5 1
keepalive 10 30
...
```

1 Like

Smart! So you mean I could use just one provider with multiple servers to reconnect to?

Instead of choosing 2 providers, choose 1 provider with multiple servers.

And also this mwan3, will it really work any good with load balancing on a simple router? That sounds like something we need a mini-PC for.

Thank you for opening my eyes, I will look a little bit more into this!

Yep, it's very unlikely that all the servers are down at the same time.
And you can manually switch to another VPN-provider via LuCI anyway.

1 Like

I love you, thank you! You are so right.

I just need to get my Linksys WRT32X now.

EDIT:
Do we have a guide for this on OpenWRT or is it openVPN docs we need to read?

Hi, I have a question about your solution. In my VPN profile I have a line with this:

```
verify-x509-name vp1.example.org
```

How can I modify it to fit multiple servers?

thanks in advance for help!

It is an intrinsic feature of OpenVPN (specifying multiple servers with the `remote` directive). However, it works only for one provider. I think you should create a script that checks connectivity and switches config files, e.g. by creating symlinks to existing configuration files. You should also check the killswitch part of my manual: https://airvpn.org/forums/topic/20303-airvpn-configuration-on-openwrt-preventing-traffic-leakage-outside-tunnel/

I can only recommend that you create a script that checks the connection and modifies symlinks to existing configuration files.
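
The script suggested in the two posts above (check connectivity, then repoint a symlink at another existing configuration file), as an added example that is not from any poster in this thread. The profile directory, symlink path, `tun0` device name and probe address are assumptions, and it presumes the OpenVPN instance is configured to load the symlink path.

```shell
#!/bin/sh
# Added example. Paths, device name and probe address are assumptions.
PROFILE_DIR="${PROFILE_DIR:-/etc/openvpn/profiles}"    # one .ovpn file per provider
ACTIVE_LINK="${ACTIVE_LINK:-/etc/openvpn/active.ovpn}" # symlink the instance loads
TUN_DEV="${TUN_DEV:-tun0}"
PROBE_IP="${PROBE_IP:-192.0.2.1}"  # placeholder: use a host you reach through the VPN

# Healthy only if a ping forced out of the tunnel device is answered.
probe() {
    ping -c 2 -W 3 -I "$TUN_DEV" "$PROBE_IP" >/dev/null 2>&1
}

restart_vpn() {
    /etc/init.d/openvpn restart >/dev/null 2>&1
}

# Print the profile after the one the symlink points at, wrapping to the first.
next_profile() {
    current=$(readlink "$ACTIVE_LINK" 2>/dev/null || true)
    first=""
    take_next=0
    for f in "$PROFILE_DIR"/*.ovpn; do
        [ -f "$f" ] || continue
        [ -n "$first" ] || first=$f
        if [ "$take_next" -eq 1 ]; then echo "$f"; return 0; fi
        if [ "$f" = "$current" ]; then take_next=1; fi
    done
    if [ -n "$first" ]; then echo "$first"; else return 1; fi
}

# One check cycle: keep the profile while the tunnel works, else switch and restart.
failover_once() {
    if probe; then echo "keep"; return 0; fi
    new=$(next_profile) || { echo "no-profiles"; return 1; }
    ln -sfn "$new" "$ACTIVE_LINK"
    restart_vpn
    echo "switched:$new"
}

# Intended to be run periodically (e.g. from cron) as: failover.sh run
if [ "${1:-}" = "run" ]; then failover_once; fi
```

The script only repoints the symlink and restarts OpenVPN; firewall rules are not touched, so any killswitch rules already in place stay in force while the tunnel is down.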

If you subscribe to multiple independent VPN companies, like the OP of this thread, you would need to simultaneously run completely separate instances of the OpenVPN client for each one. Then use mwan3 to treat the tunnel entrance network of each one as a separate "WAN".