Dual ExpressVPN failover - routing broken
gwaitsi last edited by
I am using two ExpressVPN nodes in a gateway down fail-over mode, routing all my traffic over the VPN with exceptions going over the WAN. This config was working under 2.4.2 and 2.4.3 but since 2.4.4 has stopped working.
I have established:
- forcing one of the gateways down from the router menu does not fix the problem
- disabling one of the clients solves the issue
With a single client VPN,
- it is possible to simply change the specified gateway for the rule and traffic happily switches between WAN and VPN.
- all functions and programs work.
- all clients android, windows, etc function correctly
With dual VPN clients,
- routing correctly passes through the specified gateway, or the correct gateway pool with tracert
- http/s both work for normal browsing.
- there are intermittent problems with POP/SMTP connections to Google
- Ubuntu and Debian Linux updates are not reachable for local servers, and work with default servers at significantly reduced bandwidth. ** Interestingly, some sites in the list resolve, others appear not to. **
The server uses the following push values
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.156.0.1,comp-lzo no,route 10.156.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.156.0.30 10.156.0.29,peer-id 11'
Custom options I have used are:
pull-filter ignore "dhcp-option DNS "; /* required remove push errors in log */
pull-filter ignore "route "; /* required remove push errors in log */
pull-filter ignore "redirect-gateway "; /* required remove push errors in log */
pull-filter ignore "topology net30";
resolv-retry infinite;
persist-key;
persist-tun;
remote-random;
tls-client;
verify-x509-name Server name-prefix;
remote-cert-tls server;
key-direction 1;
route-method exe;
route-delay 2;
tun-mtu 1500;
fragment 1300;
mssfix 1450;
auth-nocache;
don't pull routes = checked
don't add routes = unchecked
UDP fast I/O = checked
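
Added example, not part of the original post: a small Python model of OpenVPN's documented pull-filter behaviour (filters applied in order, first match wins, prefix comparison, unmatched options accepted), run against the PUSH_REPLY and the four pull-filter lines quoted above. The function names are hypothetical, splitting on commas is a simplification that assumes no quoted commas, and the `route-gateway` option in the last lines is a constructed sample.

```python
# Added example: models documented pull-filter semantics; not OpenVPN's own code.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.156.0.1,"
              "comp-lzo no,route 10.156.0.1,topology net30,ping 10,"
              "ping-restart 60,ifconfig 10.156.0.30 10.156.0.29,peer-id 11")

# The four pull-filter lines from the post, in the order given.
FILTERS = [
    ("ignore", "dhcp-option DNS "),
    ("ignore", "route "),
    ("ignore", "redirect-gateway "),
    ("ignore", "topology net30"),
]

def split_push_reply(msg):
    """Return the pushed options of a PUSH_REPLY control message."""
    head, *opts = msg.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [o.lstrip() for o in opts if o.strip()]

def apply_pull_filters(options, filters):
    """Split options into (accepted, ignored) using ordered prefix filters."""
    accepted, ignored = [], []
    for opt in options:
        for action, text in filters:
            if opt.startswith(text):          # prefix comparison
                if action == "reject":        # real client logs an error and restarts
                    raise RuntimeError("pushed option rejected: " + opt)
                (ignored if action == "ignore" else accepted).append(opt)
                break                         # first matching filter wins
        else:
            accepted.append(opt)              # unmatched options are accepted
    return accepted, ignored

if __name__ == "__main__":
    accepted, ignored = apply_pull_filters(split_push_reply(PUSH_REPLY), FILTERS)
    print("applied by client :", accepted)
    print("dropped by filters:", ignored)
    # Constructed sample: the trailing space in "route " matters, because a
    # bare "route" prefix would also drop options such as route-gateway.
    sample = ["route-gateway 10.156.0.29"]
    print(apply_pull_filters(sample, [("ignore", "route ")]))
    print(apply_pull_filters(sample, [("ignore", "route")]))
```

With these filters the client keeps only `comp-lzo`, `ping`, `ping-restart`, `ifconfig` and `peer-id`; no pushed route or DNS setting is applied, so which gateway traffic leaves through is decided by the firewall's own gateway and rule configuration.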