
Try a sequence of OpenVPN servers or protocols - one config

Discussion in 'Tomato Firmware' started by occamsrazor, Apr 21, 2009.

  1. occamsrazor

    occamsrazor Network Guru Member

    I just thought I'd post this handy tip I found in the Witopia (a commercial VPN provider) support wiki:

    http://wiki.witopia.net/wiki/Alternate_Ports (scroll to end)


    ...as I hadn't seen mention of it in any of the threads on this forum. If you want to have an OpenVPN config that tries one server/protocol, but if it is unable to connect tries a different server/protocol, you can do this via the following:

    Instead of having one config that starts like this:

    Code:
    proto udp
    remote <yourvpnserver1> 1194
    
    ...and a separate duplicate config that starts like this:

    Code:
    proto tcp
    remote <yourvpnserver2> 443
    
    you can combine them into a single config like this:

    Code:
    <connection>
    remote <yourvpnserver1> 1194 udp
    </connection>
    <connection>
    remote <yourvpnserver2> 443 tcp
    </connection>
    
    OpenVPN will try the first connection, but if it can't connect it'll try the second, then the third, etc... Apparently you have to have a fairly recent version of the OpenVPN client for this to work.
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Very interesting! I didn't know that.
     
  3. occamsrazor

    occamsrazor Network Guru Member

    Yes... I hadn't seen that documented before... One potential use even if you only have one VPN server machine would be to have server1 configured with Port 1194 UDP, and server2 with Port 443 TCP...
    This way if you find yourself in a place with no blocking you'll get through on Port 1194 with UDP, but if there's blocking going on it'll automatically revert to the less-likely-blocked Port 443 with TCP.
    Or if you have multiple actual servers you can have it connect in order of your preference.
    I'm not clear what else you can put within the "connection brackets" but presume almost anything... so perhaps even connect with different user/certificates, etc...
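
An added example, not part of the thread or of OpenVPN itself: a small Python parser that lists the endpoints a config with `<connection>` blocks will try, in order, which helps when auditing where a client may fall back to. The hostnames are constructed placeholders, and the code assumes each block inherits any `port`/`proto` set outside the blocks earlier in the file, otherwise OpenVPN's defaults of 1194/udp.

```python
# Constructed sample config; hostnames are placeholders, not from the thread.
SAMPLE = """\
client
dev tun
# top-level value, assumed to act as the default for later blocks
proto tcp
<connection>
remote vpn1.example.net 1194 udp
</connection>
<connection>
remote vpn2.example.net 443 tcp
</connection>
<connection>
remote vpn3.example.net
</connection>
"""


def connection_profiles(text):
    """Return [(host, port, proto), ...] in the order the blocks appear."""
    defaults = {"port": "1194", "proto": "udp"}  # OpenVPN built-in defaults
    profiles, block = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":  # blank line or comment
            continue
        key, args = words[0], words[1:]
        if key == "<connection>":
            block = dict(defaults, host=None)  # snapshot defaults seen so far
        elif key == "</connection>":
            if block is None or block["host"] is None:
                raise ValueError("unmatched or empty <connection> block")
            profiles.append((block["host"], int(block["port"]), block["proto"]))
            block = None
        elif key in ("port", "proto") and args:
            (defaults if block is None else block)[key] = args[0]
        elif key == "remote" and args and block is not None:
            # remote host [port] [proto]; omitted fields keep inherited values
            block["host"] = args[0]
            block["port"] = args[1] if len(args) > 1 else block["port"]
            block["proto"] = args[2] if len(args) > 2 else block["proto"]
    return profiles


if __name__ == "__main__":
    for n, (host, port, proto) in enumerate(connection_profiles(SAMPLE), 1):
        print(f"attempt {n}: {host}:{port}/{proto}")
```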
     
