securvark

Question for AirVPN about [region].vpn.airdns.org


When I connect my VPN to america.vpn.airdns.org UDP port 443 and I enable infinitely resolve, I will connect to a 'random' server in that pool, right? I suppose 'random' being one of the servers with low load, load latency, so you can evenly distribute the incoming VPNs for your customers.

 

Question 1:

When I enable 'Infinitely resolve server' in the OpenVPN connection setup, does that automatically fail me over to another server when latencies are getting high or the server gets too high on load, or will that only fail me over to another server when the server I'm connected to goes down?

 

Here's why I am asking.

 

I initially set up 3 VPN connections, each to a different port, in a load balanced group on PfSense, each directly to an IP address of one of your servers. I did it so that PfSense would fail over when latencies are getting too high, when there's ping loss or (obviously) when a VPN goes down.

 

This worked, and when one server would see high latencies, I'd get an email stating PfSense was omitting it from the routing group.

 

However, on several occasions for the past two days, all servers I was connected to were seeing high latencies, but because I was connected directly to an AirVPN server IP I had nowhere else to fail over to. And that is a problem.

 

So I recreated my VPN tunnels to connect to a region's DNS name, again each on a different UDP port. I am hoping it works as I described in the second paragraph (fail over on high latencies with 'infinitely resolve server').

 

But what I'm seeing is that all three connections are now going to the same server. If that server goes down and my connection needs to failover, all my VPN tunnels will now go down at the same time, and connect to another server. But they would probably all connect to the same new server again, and I'm back to square one. This is also a problem.

 

Here's what I would like:

When I set up 3 simultaneous connections on a DNS name to a region from the same IP address, I would want each one to connect to a different server. Especially since I'm connecting to three different ports, this should be easy to do, right? Is this possible at all? Can I somehow force this from my end?

 

If this is currently NOT possible, would you consider this as a feature request?

 

Many thanks for your time!


But what I'm seeing is that all three connections are now going to the same server.

 

[region].vpn.airdns.org resolves to the best server in that region. It's updated every five minutes, but isn't always changed to another server if the previous server is still "the best". That's why all three connections go to the same server.

 

When I setup 3 simultaneous connections on a DNS name to a region from the same IP address, I would want each one to connect to a different server.

 

I'm not familiar with PFSense, so for more info contact pfsense_fan or go to the PFSense thread. I personally can only think of one solution: Add all possible IPs of the region as remote, then add a remote-random. This might cause two connections to the same server, though, since it's a more or less random choice.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.


You can hard-code all the entry hosts in your load balancer configuration and then make a rule

to connect to the one with the lowest latency from your end.

 

Follow this example:

http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/

 

This can be done, but it will be a not so trivial setup.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


You can hard-code all the entry hosts in your load balancer configuration and then make a rule

to connect to the one with the lowest latency from your end.

 

Follow this example:

http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/

 

This can be done, but it will be a not so trivial setup.

 

No, this doesn't work. As soon as you create a client VPN, it will try to bring it up. You can only have 3 simultaneous connections so all the others won't be online. As a result, they won't have a monitor and you won't know what their latency is. PfSense would have to bring one down first, bring up a new one, test its latency and if it's too high, bring it down and test another one. I don't think this can be done with PfSense and even if it could, it would take far too long and I wouldn't want to use it as it would result in downtime.

 

It would be A LOT easier to do this on the AirVPN load balancer side. Their load balancers that I'm connecting to (region.airdns.org) already have the checks and failover mechanisms in place. All it needs to do is see that I'm connecting from the same IP address, and simply NOT connect me to the same server twice and take the next best server.

 

I'm currently doing it manually when I see it's connecting to the same server. I disconnect it, and reconnect it a minute later. Chances are it connects to a different server. But nothing stops the current LB mechanisms from failing a connection over and connecting it to a server I'm already connected to. An option somewhere to prevent this would solve it.


If anyone has a better idea how to resolve this issue I'd appreciate it.

 

I would appreciate it even more if someone from AirVPN could respond to this.

 

I'm continually manually restarting VPN sessions to avoid being connected to the same server on multiple connections. Today it's coming back to the same server every time so after 4 or 5 attempts I gave up. It keeps going to the same server which sucks.

 

I would really REALLY like an option to prevent this from happening.

 

Thanks!


That would leave me with 2 tunnels vulnerable to latencies, packetloss and downtime.

 

The region.vpndns.org doesn't quite work as I expected though. This morning all tunnels were down while openvpn processes were still running. After restarting the tunnels in pfsense they came back up.

 

I need to figure out a way to restart openvpn when they go down.

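Added example, not part of any post in this thread and not AirVPN or pfSense code: a small health check for the two failure modes reported above, several tunnels landing on the same server and tunnels that are down while the openvpn process is still running. It assumes each client's state is available as the comma-separated reply of the OpenVPN management interface `state` command; the tunnel names, addresses and the way the lines are collected are constructed for illustration.

```shell
#!/bin/sh
# Decide which OpenVPN client tunnels should be restarted.
# Input, one line per tunnel: "<tunnel-name> <state-line>", where <state-line>
# is the reply of the management "state" command:
#   time,state,detail,tun-local-ip,remote-ip,remote-port,...
# Collecting these lines (for example from one management socket per client)
# is left to the caller and is an assumption of this sketch.

tunnels_to_restart() {
    awk '
    {
        name = $1
        line = $0
        sub(/^[^ ]+ +/, "", line)          # drop the tunnel name
        n = split(line, f, ",")
        state  = (n >= 2) ? f[2] : "UNKNOWN"
        remote = (n >= 5) ? f[5] : ""
        if (state != "CONNECTED" || remote == "") {
            # Process may still be running, but the tunnel is not up.
            print name, "down", state
        } else if (remote in owner) {
            # Second tunnel on a server already in use: no redundancy gained.
            print name, "duplicate", remote, owner[remote]
        } else {
            owner[remote] = name
        }
    }'
}

# Constructed sample: two tunnels resolved to the same server, one is stuck.
sample_states() {
    cat <<'EOF'
ovpnc1 1700000000,CONNECTED,SUCCESS,10.4.0.2,192.0.2.10,443,,
ovpnc2 1700000005,CONNECTED,SUCCESS,10.5.0.2,192.0.2.10,80,,
ovpnc3 1700000009,RECONNECTING,ping-restart,,,,,
EOF
}

sample_states | tunnels_to_restart
```

Each output line names a tunnel and the reason it was flagged, so a cron job could restart only those clients and leave the first tunnel on each server untouched.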
