Simultaneous OpenVPN connections to different servers

[nolar 0]

Hello.

 

Is it possible to configure OpenVPN to have multiple (2-3) connections to different AirVPN servers from a single client machine (Linux Ubuntu)? 

 

I want to get 2x-3x increase in speed, by balancing the traffic between these connections. The vpn connections are rarely give higher than 2-4 MB/sec (megabytes), while mu physical connection is 200 Mbps (≈24-25 MB/sec, as proven by downloading the Ubuntu's torrents). And there is a possibility to have 3 simultaneous connections per AirVPN client (well, customer) from different devices.

NB: The traffic peaks are seldom, so they will not overload your system much.


So, when I try to configure 2 openvpn connections, the 1st one works fine, while the second one tries to add the same routes to 10.4.0.0/16. It seems that different openvpn servers have the same server-side IP network, and the same server IP gateway address (10.4.0.1). 

So, is there any other way to get 2-3 connections at a time, except then subscribing for additional VPN providers?

Log on the 1st client:

 

Apr 24 19:23:06 dler ovpn-AirVPN_Europe_UDP-443[4049]: TUN/TAP device tun0 opened
Apr 24 19:23:06 dler ovpn-AirVPN_Europe_UDP-443[4049]: TUN/TAP TX queue length set to 100
Apr 24 19:23:06 dler ovpn-AirVPN_Europe_UDP-443[4049]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 24 19:23:06 dler ovpn-AirVPN_Europe_UDP-443[4049]: /sbin/ip link set dev tun0 up mtu 1500
Apr 24 19:23:06 dler ovpn-AirVPN_Europe_UDP-443[4049]: /sbin/ip addr add dev tun0 10.4.41.176/16 broadcast 10.4.255.255
Apr 24 19:23:12 dler ovpn-AirVPN_Europe_UDP-443[4049]: /sbin/ip route add 62.102.148.131/32 via 192.168.0.1
Apr 24 19:23:12 dler ovpn-AirVPN_Europe_UDP-443[4049]: /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
Apr 24 19:23:12 dler ovpn-AirVPN_Europe_UDP-443[4049]: /sbin/ip route add 128.0.0.0/1 via 10.4.0.1
Apr 24 19:23:12 dler ovpn-AirVPN_Europe_UDP-443[4049]: Initialization Sequence Completed

Log for the 2nd client:

Apr 24 19:48:23 dler ovpn-airvpn2[4569]: TUN/TAP TX queue length set to 100
Apr 24 19:48:23 dler ovpn-airvpn2[4569]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 24 19:48:23 dler ovpn-airvpn2[4569]: /sbin/ip link set dev tun1 up mtu 1500
Apr 24 19:48:23 dler ovpn-airvpn2[4569]: /sbin/ip addr add dev tun1 10.4.40.94/16 broadcast 10.4.255.255
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: /sbin/ip route add 62.102.148.135/32 via 192.168.0.1
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: ERROR: Linux route add command failed: external program exited with error status: 2
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: /sbin/ip route add 128.0.0.0/1 via 10.4.0.1
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: ERROR: Linux route add command failed: external program exited with error status: 2
Apr 24 19:48:28 dler ovpn-airvpn2[4569]: Initialization Sequence Completed

 

Final routes. Here we see that openvpn tunnels are fine, but the default routes (0.0.0.0/1 & 128.0.0.01) are taken by 1st client only.

root@dler:~# ip r
0.0.0.0/1 via 10.4.0.1 dev tun0 
default via 192.168.0.1 dev enp0s5 
10.4.0.0/16 dev tun0  proto kernel  scope link  src 10.4.41.176 
10.4.0.0/16 dev tun1  proto kernel  scope link  src 10.4.40.94 
128.0.0.0/1 via 10.4.0.1 dev tun0 
192.168.0.0/24 dev enp0s5  proto kernel  scope link  src 192.168.0.4 

Here is the same command manually:

root@dler:~# /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
RTNETLINK answers: File exists
root@dler:~# echo $?
2

[eyes878 43]

I'm really not sure how to directly solve the problem you stated, but a last resort workaround could be running virtual machines, as then there will be no subnet clashes.

 

Hopefully somebody more knowledgeable is able to help you out.

[nolar 0]

Just to mention it: this Linux machine is already a VM. And I cannot run 2-3 Linux VMs on my Mac OS X, as they eat RAM & CPU for nothing.

 

Maybe containers containers could help, but I'm not sure if I can route traffic from Linux localhost to its own containers with 1 openvpn each (via bridging, I guess), and from there to the outside. This is something beyond my skills

[Guest]

I use the same netmask as AirVPN on my own server, I'm routing through airVPN just fine, the trick is however 1 connection can only be on one port at a time, so for this to work with 3 you have to connect it to 3 different ports keep in mind tho this is not likely to fix anything on your connection speed by using more than one server as the traffic is spreading out and the encryption will be done 3 times eating even more resources than one server would.

[OpenSourcerer 1435]

I'd focus on optimizing the first connection since it's usually easy around here to hit 200 MBit/s, or 180 MBit/s with the frequently used 10% standard deviation

[NaDre 157]

Hello.

 

Is it possible to configure OpenVPN to have multiple (2-3) connections to different AirVPN servers from a single client machine (Linux Ubuntu)? 

 

...

 

So, when I try to configure 2 openvpn connections, the 1st one works fine, while the second one tries to add the same routes to 10.4.0.0/16. It seems that different openvpn servers have the same server-side IP network, and the same server IP gateway address (10.4.0.1). 

 

...

 

I do this. Though not for the reasons you want to.

 

With some effort, you can use the NAT capability of the OpenVPN client to make each connection appear to be on a different subnet.

 

I used to use the rather complex approach involving just OpenVPN configuration that I described here:

 

https://airvpn.org/topic/9518-faking-static-local-vpn-addess-using-client-nat-and-ifconfig/?p=10449

 

As I explained there, I had to change the approach a bit when AirVPN switched from topology "net30" to "subnet".

 

Now I use a modified version of the OpenVPN client that I patched myself. If you are comfortable with patching and building software from source (fairly easy on Linux), you may be interested in this:

 

https://airvpn.org/topic/17235-linux-partial-airvpn-usage/?p=39485

 

I have hinted a few times that AirVPN could probably offer a modified version of the client with something similar to my patch, but they have not bitten.

[go558a83nk 362]

 

Hello.

 

Is it possible to configure OpenVPN to have multiple (2-3) connections to different AirVPN servers from a single client machine (Linux Ubuntu)? 

 

...

 

So, when I try to configure 2 openvpn connections, the 1st one works fine, while the second one tries to add the same routes to 10.4.0.0/16. It seems that different openvpn servers have the same server-side IP network, and the same server IP gateway address (10.4.0.1). 

 

...

 

I do this. Though not for the reasons you want to.

 

With some effort, you can use the NAT capability of the OpenVPN client to make each connection appear to be on a different subnet.

 

I used to use the rather complex approach involving just OpenVPN configuration that I described here:

 

https://airvpn.org/topic/9518-faking-static-local-vpn-addess-using-client-nat-and-ifconfig/?p=10449

 

As I explained there, I had to change the approach a bit when AirVPN switched from topology "net30" to "subnet".

 

Now I use a modified version of the OpenVPN client that I patched myself. If you are comfortable with patching and building software from source (fairly easy on Linux), you may be interested in this:

 

https://airvpn.org/topic/17235-linux-partial-airvpn-usage/?p=39485

 

I have hinted a few times that AirVPN could probably offer a modified version of the client with something similar to my patch, but they have not bitten.

 

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

[NaDre 157]

...

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

 

Look for "PUSH_REPLY" in the log. The server sends it.

[go558a83nk 362]

 

...

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

 

Look for "PUSH_REPLY" in the log. The server sends it.

 

if the server pushes it then I suppose it's not important to specify it in my settings - pfsense.

[NaDre 157]

 

 

...

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

 

Look for "PUSH_REPLY" in the log. The server sends it.

 

if the server pushes it then I suppose it's not important to specify it in my settings - pfsense.

 

What the server pushes is only important if you find that you need to suppress the "pull" in order to override something that gets pushed, as  in the example I gave above. Then you need to review the rest of the stuff that was pushed to see if you need to specify it yourself. The ability to suppress "push"-ed parameters is not as granular/complete as one might wish.

[nolar 0]

I'd focus on optimizing the first connection since it's usually easy around here to hit 200 MBit/s, or 180 MBit/s with the frequently used 10% standard deviation

 

Can you give me some advices on how to do that?

 

I tried native AirVPN client on Mac OS X: 180 Mbps non-vpn traffic, 10-20 Mbps vpn traffic.

 

Now, I try it with standard openvpn package in Ubuntu 16.04 VM on Mac OS X. Same values.

 

CPU is not loaded (not much more than usually with Chrome tabs and stuff).

 

What exactly should I do to increase the speed of a single vpn connection 10x times?

[OpenSourcerer 1435]

Try other servers and ports, optimize your TCP/IP configuration (if that's possible somehow with Mac), take a look at everything that can influence your connection such as software/drivers on your Mac, hardware like your router, etc. Try a connection with other devices, and/or at different places,... be creative.

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

[jo_el 0]

Hello,

 

Regarding the multiple simultaneous connections:

The easiest way is probably to let the different OpenVPN instances connect to different ports of the Air servers, as different ports have different IP subnets and therefore you don't need VMs or similar stuff,

see also https://airvpn.org/specs/ at the section "Assigned IP" for further information.

 

~ jo_el