How to tunnel all traffic over multiple VPNs?
-
Hello,
I have a computer running pfSense 2.1.4 and I have a question for you about OpenVPN configuration.
How can I tunnel all my traffic over 2 or more OpenVPN providers in the following manner?
VPN LAN behind pfSense computer -> OpenVPN provider 1 -> OpenVPN provider 2 -> Internet
Clear-net (non-OpenVPN LAN) behind pfSense computer -> ISP -> Internet
I'm not sure if this matters as part of the setup but:
The OpenVPN providers may use either the 4 files (certificates and keys), or username-password authentication.
Also, varying types of encryption may be used.
Thank you in advance,
the.pfSensei
-
I'm also interested in OpenVPN chaining. I think there must be some routing changes required. OpenVPN allows you to bind to an IP address for outgoing connections but not an interface, afaik. That's a problem for chaining because in most cases you're going to be assigned a dynamic address.
For example, for Provider 1 you would have the interface set to WAN. Provider 1 is then connected via your regular internet connection. Then the connection to Provider 2 has to always go through Provider 1. The hardest part I think would be making sure Provider 2 won't go over the WAN or any other interface if Provider 1 is down.
Also I seem to remember something about UDP (what OpenVPN normally uses) needing to be routed so that it properly flows back.
Interesting question, I hope someone with networking experience can answer it.
-
I'm still interested in doing this so I'm bumping this topic. Has anyone done this?
-
Check out this site and the articles; they all address the concern of chaining VPN tunnels: https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-8
The simplest way to do it is with pfSense running in multiple VMs (you create multiple ESXi or VMware Workstation VMs and chain them up).
I hope this helps.
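
The concern raised earlier in the thread, that the Provider 2 connection must not go over WAN when Provider 1 is down, can be checked against the routing table. The following is an added example, not part of any post above: it assumes FreeBSD `route -n get` output as found on pfSense, and the interface names `ovpnc1` and `em0`, the address 198.51.100.20 and the sample outputs are constructed for illustration.

```python
import re

# Constructed samples of FreeBSD `route -n get <ip>` output (pfSense is FreeBSD-based).
# 198.51.100.20 stands in for Provider 2's server; ovpnc1 and em0 are assumed names
# for the Provider 1 tunnel interface and the WAN interface.
ROUTE_VIA_TUNNEL = """\
   route to: 198.51.100.20
destination: 198.51.100.20
    gateway: 10.8.0.1
        fib: 0
  interface: ovpnc1
      flags: <UP,GATEWAY,HOST,DONE,STATIC>
"""
ROUTE_VIA_WAN = """\
   route to: 198.51.100.20
destination: default
       mask: default
    gateway: 192.0.2.1
        fib: 0
  interface: em0
      flags: <UP,GATEWAY,DONE,STATIC>
"""
ROUTE_MISSING = "route: route has not been found\n"

def parse_route_get(text):
    """Return the 'key: value' fields of `route -n get` output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([a-z ]+?):\s+(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def chain_verdict(route_output, inner_if="ovpnc1"):
    """Classify the route to Provider 2's server: 'chained', 'leak' or 'blocked'."""
    iface = parse_route_get(route_output).get("interface")
    if iface is None:
        return "blocked"   # no route at all: hop 2 cannot connect, so it fails closed
    if iface == inner_if:
        return "chained"   # hop 2 is carried inside the Provider 1 tunnel
    return "leak"          # hop 2 would leave over WAN or another interface

if __name__ == "__main__":
    for name, sample in [("tunnel up", ROUTE_VIA_TUNNEL),
                         ("fell back to default", ROUTE_VIA_WAN),
                         ("no route", ROUTE_MISSING)]:
        print(f"{name}: {chain_verdict(sample)}")
```

The "leak" case is the one described in the thread: once the host route through the first tunnel disappears, the lookup falls through to the default route on WAN.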