Difference between revisions of "Tunnel VPN FAQs"

From UntangleWiki
(Can I only route certain protocols through the tunnel VPN?)
Line 14: Line 14:
 
=== Can I only route certain protocols through the tunnel VPN? ===
 
=== Can I only route certain protocols through the tunnel VPN? ===
  
No, routing can be done only based on the information known at the time the packet is routed. If a new connection is opened, then the application is not yet known, only the IPs, hosts, ports, etc. Even though the application, website, domain, or other information may be identified in the future because the session is stateful the routing of the session can not be changed mid-session.
+
No, routing can be done only based on the information known at the time the packet is routed. If a new connection is opened, then the application and many other properties of the session are not yet known, only the IPs, hosts, ports, etc. Even though the application, website, domain, or other information ''might'' be identified in the future this can not be used to making routing decisions made in the past.
  
 
However, one common workaround is to detect a certain application and tag the host using that application with a tag. Then you can create a Tunnel VPN rule to route hosts tag with that tag through the tunnel.
 
However, one common workaround is to detect a certain application and tag the host using that application with a tag. Then you can create a Tunnel VPN rule to route hosts tag with that tag through the tunnel.
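Review bot: the replacement sentence ends with "this can not be used to making routing decisions made in the past", which is ungrammatical and blurs the point. Something like "this cannot be used to change a routing decision that has already been made" says it directly. The removed wording also gave the reason (the session is stateful, so its routing cannot be changed mid-session), and the new text drops it; consider keeping that clause. The unchanged workaround paragraph still reads "route hosts tag with that tag", where "tagged" is meant.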

Revision as of 02:38, 19 September 2017


My tunnel keeps disconnecting; what can I do about it?

Different services provide different parameters for managing disconnects in the config file.

Some services explicitly configure the client not to reconnect when the connection is lost. This configuration is not optimal and is likely done by the services to minimize server load.

To tune these settings, edit the .ovpn file (or the .ovpn file inside the zip) before uploading it to Tunnel VPN. You can change the "keepalive" setting or the "ping" and "ping-restart" settings. If none of those are specified, adding "keepalive 10 120" is sufficient: it tells OpenVPN to test the connection every 10 seconds and to restart if all tests fail for 120 seconds. Similarly, if "ping" or "ping-restart" is already specified, replace the existing "ping" configuration with "ping 10" and the existing "ping-restart" with "ping-restart 120".

More can be read about OpenVPN configuration here.
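The edit described above can be scripted so that every provider config gets the same treatment before upload. This is an added example, not code from the Untangle wiki or product: the function name `tune_reconnect` and the sample config are constructed, and completing a lone "ping" or "ping-restart" with its missing partner is an assumption that goes beyond the FAQ's wording.

```python
import re

# Values taken from the FAQ: test every 10 s, restart after 120 s of failed tests.
TUNED = {
    "keepalive": "keepalive 10 120",
    "ping": "ping 10",
    "ping-restart": "ping-restart 120",
}
# Match the directive name only; the lookahead keeps "ping" from matching
# other directives that merely start with "ping-".
DIRECTIVE = re.compile(r"^\s*(keepalive|ping-restart|ping)(?=\s|$)")

# Constructed sample of a provider-supplied client config.
SAMPLE = """\
client
dev tun
remote vpn.example.com 1194 udp
# provider defaults
ping 60
ping-restart 0
"""

def tune_reconnect(ovpn_text):
    """Return (new_text, changes) with the FAQ's reconnect settings applied."""
    out, changes, seen = [], [], set()
    for line in ovpn_text.splitlines():
        m = DIRECTIVE.match(line)  # comment lines (# or ;) never match
        if m:
            name = m.group(1)
            seen.add(name)
            if line.strip() != TUNED[name]:
                changes.append(f"{line.strip()} -> {TUNED[name]}")
                line = TUNED[name]
        out.append(line)
    if not seen:
        # Nothing specified: the FAQ says adding keepalive is sufficient.
        out.append(TUNED["keepalive"])
        changes.append("added " + TUNED["keepalive"])
    elif "keepalive" not in seen:
        # Assumption beyond the FAQ: complete a lone ping / ping-restart.
        for name in ("ping", "ping-restart"):
            if name not in seen:
                out.append(TUNED[name])
                changes.append("added " + TUNED[name])
    return "\n".join(out) + "\n", changes

if __name__ == "__main__":
    text, log = tune_reconnect(SAMPLE)
    print(text, log, sep="\n")
```

The returned change list doubles as a record of what the provider's original reconnect policy was before it was overridden.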


Can I only route certain protocols through the tunnel VPN?

No, routing can be done only based on the information known at the time the packet is routed. When a new connection is opened, the application and many other properties of the session are not yet known; only the IPs, hosts, ports, etc. are. Even though the application, website, domain, or other information might be identified later, it cannot be used to change a routing decision that has already been made.

However, one common workaround is to detect a certain application and tag the host that is using it. Then you can create a Tunnel VPN rule to route hosts tagged with that tag through the tunnel.