Pbr how to swap out VPN?

If I am experiencing a slowness in a VPN configuration, is there an easy way to switch to a different VPN while maintaining the pbr interfaces that are on strict adherence or whatever the word is?

E.g. I have a pbr rule for mac address X to always use the iBeBritish interface so that device can play BBC iPlayer.

If the VPN A is going too slow to stream, I want to be able to turn off VPN A and turn on VPN B. But I want iBeBritish to be associated with either of them.

Is it straightforward to do that? The documentation I used to whip up my own tutorial, maybe published in future, seems to be a 1:1 setup of ovpn config : interface. And in pbr it seems I can really only get one interface associated in the rule.

I can probably go about it with editing the rules to match mac address X to the other interface once I create it. But I am hoping to make the change done by just stopping one VPN and starting the other, and not having to go into the pbr rules to update them manually. (And restart to apply the rules? Possibly interfering with anyone currently using the network via other interfaces.)

Happy New Year!

If you are using openvpn + pbr you can create multiple openvpn instances/configs with the same tun interface and different vpn connections. If you want to switch you just stop/disable one instance and then start/activate the other and you don’t have to edit your pbr rule…

2 Likes

Which file should I be putting that into?

My guess would be /etc/config/network and find

config interface 'vpnclient'
        option proto 'none'
        option device 'ovpnc0'
        list dns '9.9.9.9'
        list dns '149.112.112.112'

And make an addition to it to add

        option device 'ovpnc1'

Assuming my second uploaded openvpn config was named ovpnc1.

Is that the right step?

Edit: No, that wasn't right. It's the opposite. I need to copy that first configuration block, making a second block, but changing out the name of the interface to what I named it in the OpenVPN uploads.

config interface 'vpnclient'
        option proto 'none'
        option device 'ovpnc0'
        list dns '9.9.9.9'
        list dns '149.112.112.112'

config interface 'vpnclient2'
        option proto 'none'
        option device 'ovpnc0'
        list dns '9.9.9.9'
        list dns '149.112.112.112'

So both vpnclient and vpnclient2 connections will associate with ovpnc0. (Curious, what happens if I accidentally try to have both vpn clients open simultaneously? Maybe something to play with when no one else is home.)

One further step I had to take was going into /etc/config/openvpn and I modified the vpnclient2 configuration to associate with option dev 'ovpnc0'.

I think now I have it all working, thanks again for the lead.

Actually there’s no need to create 2 interfaces. One is sufficient. Just switch between your ovpn instances…

1 Like

How?

Can you break it down step by step?

What I did did NOT work the way I wanted.

What I did was upload a new ovpn file. I named it Tom. I set the /etc/config/openvpn file to configure Tom so that it would tie to an existing dev of ovpnc2.

I went through the firewall, pbr, and network files updating it.

And then what I realized, after restarting the pbr service and restarting the network under Interfaces is... I still had to go into pbr, find all the rules where I used the original interface, and change all of those to use Tom.

That is a lot of effort and not what I want.

All I want to do is go to the LuCI OpenVPN page, stop one, and start another, and have it all work out.

Should I be trying to use the same names? E.g. have two Tom entries under OpenVPN? How would I know which one to use, other than "the other one" if I can't have it uniquely named?

Edit: The closest idea I can come up with is to delete the interface and reupload the other file with the same name. But useless if I don't have that file.

Edit: I think I got it. And maybe same thing as I told myself last reply. I went a step too far. I should not have edited /etc/config/network. Leave that alone and it shoooould work.

Edit: Nope, trying to switch back and forth is resulting in a device with no connection. Got it to go one time, but not since. Would appreciate the step by step from anyone who knows.

You only need to create one interface:

config interface 'ovpnclient'
	option proto 'none'
	option device 'tun0'

In the OpenVPN tab you can add more VPN clients by uploading your config file.
Just use dev tun without a number, so not dev tunx, and the OpenVPN interface will be made using tun0.

You can enable/disable your OpenVPN instances by GUI or command line.
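
A command-line version of the switch described in the reply above, as an added example that is not part of the original thread. It assumes uploaded profiles are sections of type `openvpn` in /etc/config/openvpn with an `option config` path, and that the single network interface uses `tun0`; the script name `switch-vpn.sh` and the `PBR_DEV` and `DRY_RUN` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Device that the one network interface
# (and therefore every pbr rule) points at; tun0 is taken from the reply above.
PBR_DEV="${PBR_DEV:-tun0}"

# With DRY_RUN set, print the command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Print the value of the first "dev" directive in an .ovpn file.
ovpn_dev() { awk '$1 == "dev" { print $2; exit }' "$1"; }

# Succeed only if the profile will come up on the device pbr references:
# "dev tun" (unnumbered, becomes tun0 when it is free) or that device by name.
dev_ok() {
    d=$(ovpn_dev "$1")
    [ "$d" = "tun" ] || [ "$d" = "$PBR_DEV" ]
}

# switch_vpn TARGET INSTANCE...: enable TARGET, disable every other instance,
# so only one client ever competes for the shared tun device.
switch_vpn() {
    target=$1; shift
    case " $* " in
        *" $target "*) ;;
        *) echo "unknown instance: $target" >&2; return 1 ;;
    esac
    for inst in "$@"; do
        if [ "$inst" = "$target" ]; then on=1; else on=0; fi
        run uci set "openvpn.$inst.enabled=$on"
    done
    run uci commit openvpn
    run /etc/init.d/openvpn restart
}

# On the router: ./switch-vpn.sh Tom
if [ $# -gt 0 ]; then
    # Refuse to switch to a profile pinned to another device (e.g. "dev tun3"):
    # the tunnel would come up, but the pbr rules would not match it.
    cfg=$(uci -q get "openvpn.$1.config") && ! dev_ok "$cfg" &&
        { echo "$1: dev is not tun or $PBR_DEV" >&2; exit 1; }
    all=$(uci show openvpn | sed -n 's/^openvpn\.\([^.=]*\)=openvpn$/\1/p')
    switch_vpn "$1" $all
fi
```

Running it with `DRY_RUN=1` first prints the uci and init-script commands without touching the router configuration.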