Can you set OpenVPN to auto-connect to 'fallback' .ovpns in case the current one fails?


I think the best you can do right now is to set up OpenVPN properly to inform it that there is a second server, like this:

Implementing a load-balancing/failover configuration

Client

The OpenVPN client configuration can refer to multiple servers for load balancing and failover. For example:

remote server1.mydomain
remote server2.mydomain
remote server3.mydomain

will direct the OpenVPN client to attempt a connection with server1, server2, and server3 in that order. If an existing connection is broken, the OpenVPN client will retry the most recently connected server, and if that fails, will move on to the next server in the list. You can also direct the OpenVPN client to randomize its server list on startup, so that the client load will be probabilistically spread across the server pool.

remote-random

If you would also like DNS resolution failures to cause the OpenVPN client to move to the next server in the list, add the following:

resolv-retry 60

The 60 parameter tells the OpenVPN client to try resolving each remote DNS name for 60 seconds before moving on to the next server in the list.

The server list can also refer to multiple OpenVPN server daemons running on the same machine, each listening for connections on a different port, for example:

remote smp-server1.mydomain 8000
remote smp-server1.mydomain 8001
remote smp-server2.mydomain 8000
remote smp-server2.mydomain 8001

If your servers are multi-processor machines, running multiple OpenVPN daemons on each server can be advantageous from a performance standpoint.

OpenVPN also supports the remote directive referring to a DNS name which has multiple A records in the zone configuration for the domain. In this case, the OpenVPN client will randomly choose one of the A records every time the domain is resolved.

Source: https://openvpn.net/index.php/open-source/documentation/howto.html#loadbalance
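An added example, not part of the original answer or of the OpenVPN documentation: a small Python check that reads a client config and reports why it would not fail over the way the quoted HOWTO describes. The function names and the sample config are constructed for illustration; 1194 is assumed as the port for a remote line that names none, since it is OpenVPN's default.

```python
# Added example: audits the failover directives of an OpenVPN client config.
SAMPLE_CONFIG = """\
client
dev tun
; constructed sample: every fallback below lives on the same machine
remote smp-server1.mydomain 8000
remote smp-server1.mydomain 8001
remote smp-server1.mydomain 8000   # accidental duplicate
remote-random
"""

def parse_failover(text):
    """Return (remotes, remote_random, resolv_retry) from a client config."""
    remotes, remote_random, resolv_retry, port = [], False, None, "1194"
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()       # drop trailing comments
        if not words or words[0].startswith(";"):  # blank line or ';' comment
            continue
        key, args = words[0], words[1:]
        if key == "remote" and args:
            remotes.append((args[0], args[1] if len(args) > 1 else None))
        elif key == "port" and args:
            port = args[0]                         # default for bare remotes
        elif key == "remote-random":
            remote_random = True
        elif key == "resolv-retry" and args:
            resolv_retry = args[0]
    return [(h, p or port) for h, p in remotes], remote_random, resolv_retry

def audit_failover(text):
    """List the reasons this config would not fail over as intended."""
    remotes, remote_random, resolv_retry = parse_failover(text)
    findings = []
    unique = list(dict.fromkeys(remotes))          # keep order, drop repeats
    if len(unique) < len(remotes):
        findings.append("duplicate remote entries")
    if len(unique) < 2:
        findings.append("no fallback: fewer than two distinct remotes")
    elif len({host for host, _ in unique}) == 1:
        findings.append("all remotes are on one host")
    if resolv_retry is None or not resolv_retry.isdigit():
        findings.append("resolv-retry is not a number of seconds")
    if remote_random:
        findings.append("remote-random set: list order is not a priority order")
    return findings

if __name__ == "__main__":
    for finding in audit_failover(SAMPLE_CONFIG):
        print("WARN", finding)
```

Run it against the config handed to the end user before deployment; an empty result means the primary-then-fallback order in the file is the order the client will try.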

Author: Community

Updated on September 18, 2022

Comments

  • Community
    Community over 1 year

    I'm in Debian 7.8 Wheezy, and have installed openvpn from the stable repository.

    I'd like to set up a system for another user (who does not have high computer literacy) where, if the primary server that I have configured (/path/to/one.ovpn) fails for some reason, I have a backup one (/path/to/two.ovpn) to automatically connect to instead, as a backup.

    And maybe I give them ten .ovpn files (e.g. using free community servers from VPN Gate), to try to really make sure the user is secured (assuming one of them works), without them having to manually do anything about it.

    Is there a way in the default openvpn config, or some third-party GUI compatible with Debian, that can achieve this?

    Or perhaps a script? (which I could then set to run at startup.)

  • Roman Gaufman
    Roman Gaufman over 7 years
    This is useful, but what if one server is TCP and the other is UDP? - the above doesn't seem to allow for that, it's either all servers must be UDP or TCP. Any ideas/suggestions?
  • Michal Sokolowski
    Michal Sokolowski over 7 years
    That's correct, unfortunately no workaround I can think of. I'd unify the configs to UDP only though.