Posted: Sat Sep 05, 2020 17:20 Post subject: Running 2 OpenVPN Tunnels on Separate Wifi Networks
Hello Everyone,
I am new to DDWRT routers and really enjoying it so far.
I am currently wondering if it is possible to run two OpenVPN tunnels on separate wifi networks.
My current ISP tracks all traffic and sometimes blocks certain sites from time to time (even to their own on occasion :-P), unfortunately it is really annoying when they block sites like Amazon.
Hopefully, if I explain my set-up then my request will become clearer.
I have a Netgear Nighthawk R7800 with the newest Brainslayer Firmware with a line speed of 10mbs - so have to use sparingly.
My wifi networks are routing to their own IP Addresses. (For instance the main will route to 192.10.1.1, the other network to 192.20.1.1 and the guest network to 192.30.1.1)
The Guest Network (192.30.1.1) is running OpenVPN with ExpressVPN to another country. (Unfortunately this is very slow)
What I want to do is to route the secondary network 192.20.1.1 through another OpenVPN tunnel with ExpressVPN inside my country to bypass my ISP from tracking my activity and bypassing the occasional site blocking to Amazon.
The End result being:
192.10.1.1 - Open (No VPN active)
192.20.1.1 - VPN inside my country (Nice and Fast)
192.30.1.1 - VPN outside my country (Currently Running)
Unfortunately, dd-wrt only supports *one* OpenVPN client in the GUI. To run any additional OpenVPN clients would require manually configuring and running them w/ the CLI (command line interface) and scripting. And at that point, imo, you might as well do *all* your OpenVPN client configuration and management w/ the CLI and scripting. Esp. since it will involve development of your own PBR (policy based routing).
P.S. You could consider an alternative, like FreshTomato, which supports up to three (3) concurrent OpenVPN clients.
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Sat Sep 05, 2020 18:05 Post subject:
Welcome to the forum
If you have not done so, read the forum guidelines, link in my signature at the bottom of this post.
This will get you the best possible help.
Latest build can mean a lot of things, so please be specific: what build are you running?
As you want to route per ip address/subnet, you have to use Policy Based Routing, link in my signature.
You can run a second instance of the OVPN client, but you have to do that manually via the Command Line interface (telnet/putty).
For that it is "necessary" to have extra storage, so if you have not done so, attach a USB stick and set up storage for jffs.
Attached an example for running a second instance from the CLI, you have to know your way around OpenVPN and its settings, but as you already have a VPN running to ExpressVPN you can look in the existing /tmp/openvpncl/openvpn.conf file for the necessary settings.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Sep 07, 2020 19:13 Post subject:
Another alternative, if you don't mind the expense of a second vpn provider, is to get an account with one of the wireguard providers with which dd-wrt users have had success (e.g. Azire, KeepSolid, Mullvad) and set up a wireguard vpn connection to operate alongside your OpenVPN connection. The OpenVPN system and the wireguard system in dd-wrt are quite separate, and nothing particularly special need be done to run them simultaneously. Set up one, set up the other, and in doing so make sure their PBR specifications are nonoverlapping, so that dd-wrt knows what traffic to send where. That's about it. (I do it here.) See egc's guide at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624. (It's in his signature if you lose this link.)
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
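The PBR advice in the replies above (route per source subnet, and keep each tunnel's PBR sources non-overlapping) as an added example; it is not from any poster or attachment in this thread. The /24 masks, the `tun2` interface name and routing table number 20 are assumptions; the script only prints the commands so they can be reviewed before being run on the router.

```shell
#!/bin/sh
# Added example (not from the thread): plan policy-based routing for one extra tunnel.
# Assumptions: /24 subnets, interface tun2, routing table 20 (none are in the thread).
# Also assumes the extra client runs with route-nopull so it leaves the main table alone.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last" integer bounds of a CIDR block such as 192.20.1.0/24.
cidr_range() {
    base=$(ip2int "${1%/*}"); bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    echo "$(( $base & $mask )) $(( ($base & $mask) | (~$mask & 0xFFFFFFFF) ))"
}

# Return 0 (true) when two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print the commands for one tunnel: a source rule, a default route in its own
# table, and a FORWARD reject. Without the reject, a dropped tunnel empties the
# table and the subnet falls back to the main table, i.e. out the WAN unencrypted.
pbr_plan() {  # usage: pbr_plan NEW_SUBNET DEV TABLE EXISTING_PBR_SUBNET...
    new=$1; dev=$2; table=$3; shift 3
    for other in "$@"; do
        if cidr_overlap "$new" "$other"; then
            echo "error: $new overlaps existing PBR source $other" >&2
            return 1
        fi
    done
    echo "ip rule add from $new table $table"
    echo "ip route add default dev $dev table $table"
    echo "iptables -I FORWARD -s $new ! -o $dev -j REJECT"
    echo "ip route flush cache"
}

# Constructed demo: the guest subnet is already handled by the first VPN client.
pbr_plan 192.20.1.0/24 tun2 20 192.30.1.0/24
```

The reject rule also stops that subnet from reaching the router's other local subnets, which is usually what a VPN-only network wants.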
thank you eibgrad, egc and SurprisedItWorks for all your help.
I am running the Brainslayer 07-08-2020 release.
eibgrad,
it is unfortunate that there is not a tomato release for the Netgear.
egc,
I will work through your documentation. Luckily I am always up for a challenge.
SurprisedItWorks,
thank you for the help I will definitely look into this and check the speeds on these providers. It is unfortunately one thing I always need to check in my country. Except for ExpressVPN or NordVPN, you tend to lose a lot of speed. This might have changed in recent years.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Wed Sep 09, 2020 16:24 Post subject:
Eddy-Pooh wrote:
SurprisedItWorks,
thank you for the help I will definitely look into this and check the speeds on these providers. It is unfortunately one thing I always need to check in my country. Except for ExpressVPN or NordVPN, you tend to lose a lot of speed. This might have changed in recent years.
Thanks everyone.
In case you are new to the wireguard/OpenVPN difference, wireguard requires you to commit during config to a single server (actual IP address), but it loads dd-wrt far more lightly and so can typically get to 2x to 3x the maximum OpenVPN speed, given a decently fast server on the other end. Many providers offering wireguard use modified wireguard protocols that only work with their apps, which is why I mentioned three that dd-wrt users have had success with on their routers. I have learned to love vpn providers that have fewer servers that always work over the usual suspects that have a zillion servers that are often down or overloaded, etc.
I have had great success with AzireVPN (.com) technically, and my chosen servers (I have them on three routers) have always been up and fast (my routers are slower than yours and for download I get 130 to 210 Mbps with a 200 Mbps ISP), but they have few servers. I think they currently have 15 wireguard servers spread across 13 countries -- ca ch de dk es fr nl no ro se th uk us -- and their support, if you have problems or questions, is strictly via ordinary email and can be slow. My experiments with Mullvad (using their phone app) were disappointing, as I found their servers to often be down or slow. KeepSolid is less expensive than either, has many servers, and I have heard no complaints about them. Small sample size though.