Difference between revisions of "Tunnel VPN FAQs"

From UntangleWiki
 
(3 intermediate revisions by one other user not shown)
Line 12: Line 12:
  
  
=== Can I only route certain protocols through the tunnel VPN? ===
+
=== Can I only route certain protocols or "domains" or "sites" through the tunnel VPN? ===
  
No, routing can be done only based on the information known at the time the packet is routed. If a new connection is opened, then the application is not yet known, only the IPs, hosts, ports, etc. Even though the application, website, domain, or other information may be identified in the future because the session is stateful the routing of the session can not be changed mid-session.
+
No, routing can be done only based on the information known at the time the packet is routed. If a new connection is opened the application and many other properties of the session are not yet known, only the IPs, ports, etc.
 +
 
 +
Later [[Application Control]] may identify the "application" or "category" and [[Web Filter]] may identify the domain or site categorization (if its HTTP at all). However information that is learned later can not be used to change routing decisions that are made in the past.
  
 
However, one common workaround is to detect a certain application and tag the host using that application with a tag. Then you can create a Tunnel VPN rule to route hosts tag with that tag through the tunnel.
 
However, one common workaround is to detect a certain application and tag the host using that application with a tag. Then you can create a Tunnel VPN rule to route hosts tag with that tag through the tunnel.
 +
 +
=== This there a limit on how many tunnel VPN I can configure? ===
 +
 +
The current limit is 40 tunnels.
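
Review bot: the added heading "This there a limit on how many tunnel VPN I can configure?" has a typo and should open with "Is there a limit". In the added Application Control paragraph, "if its HTTP at all" needs "it's" and "decisions that are made in the past" should read "were made in the past". The workaround paragraph carried over unchanged still says "route hosts tag with that tag", which should be "hosts tagged with that tag" and could be fixed in the same revision.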

Latest revision as of 15:46, 8 June 2021


My tunnel keeps disconnecting; what can I do about it?

Different services provide different parameters for managing disconnects in the config file.

Some services explicitly specify not to reconnect when the connection is lost. This configuration is not optimal and is likely done by the services to minimize server load.

To tune these settings, edit the .ovpn file (or the .ovpn file inside the zip) before uploading it to Tunnel VPN. You can change the "keepalive" setting or the "ping" and "ping-restart" settings. If none of those are specified, adding "keepalive 10 120" is sufficient to tell it to test the connection every 10 seconds and restart if all tests fail for 120 seconds. Similarly, if ping or ping-restart is already specified, replace the existing "ping" configuration with "ping 10" and the existing "ping-restart" with "ping-restart 120".

More can be read about OpenVPN configuration here.
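
The edit described above can be scripted before upload. The following is an added example, not part of the original wiki page or of the Tunnel VPN product; the function name `tune_ovpn`, the sample config and the host `vpn.example.com` are constructed for illustration, and adding a missing `ping` or `ping-restart` when only one of the pair is present is an assumption that goes beyond what the FAQ states.

```python
import re

# Directives the FAQ names; "ping-exit" and every other option are left untouched.
DIRECTIVE = re.compile(r"^\s*(keepalive|ping-restart|ping)(?=\s|$)")
INLINE_OPEN = re.compile(r"<([A-Za-z0-9_-]+)>")
# Constructed sample config; the <ca> body is filler, not a real certificate.
SAMPLE = (
    "client\nremote vpn.example.com 1194 udp\nping 30\nping-restart 600\n"
    "<ca>\nping FILLER-NOT-A-REAL-CERT\n</ca>\n")

def tune_ovpn(text, interval=10, timeout=120):
    """Return the .ovpn text with the FAQ's reconnect settings applied."""
    wanted = {
        "keepalive": f"keepalive {interval} {timeout}",
        "ping": f"ping {interval}",
        "ping-restart": f"ping-restart {timeout}",
    }
    out, seen, block = [], set(), None
    for line in text.splitlines():
        stripped = line.strip()
        if block:                        # inside <ca>...</ca> etc.: copy verbatim
            if stripped == f"</{block}>":
                block = None
            out.append(line)
            continue
        opened = INLINE_OPEN.fullmatch(stripped)
        if opened:
            block = opened.group(1)
            out.append(line)
            continue
        hit = DIRECTIVE.match(line)
        if not hit:
            out.append(line)             # comments and all other options
            continue
        name = hit.group(1)
        if name not in seen:             # replace first occurrence, drop repeats
            seen.add(name)
            out.append(wanted[name])
    if not seen:
        out.append(wanted["keepalive"])  # FAQ: nothing specified, add keepalive
    elif "keepalive" not in seen:
        # Assumption beyond the FAQ: complete a lone ping / ping-restart.
        for name in ("ping", "ping-restart"):
            if name not in seen:
                out.append(wanted[name])
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(tune_ovpn(SAMPLE), end="")
```

Lines inside inline blocks such as `<ca>` are copied unchanged, so embedded key or certificate material is never rewritten even if a line happens to begin with a directive name.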


Can I only route certain protocols or "domains" or "sites" through the tunnel VPN?

No, routing can be done only based on the information known at the time the packet is routed. If a new connection is opened, the application and many other properties of the session are not yet known, only the IPs, ports, etc.

Later, Application Control may identify the "application" or "category" and Web Filter may identify the domain or site categorization (if it's HTTP at all). However, information that is learned later cannot be used to change routing decisions that were made in the past.

However, one common workaround is to detect a certain application and tag the host using that application with a tag. Then you can create a Tunnel VPN rule to route hosts tagged with that tag through the tunnel.

Is there a limit on how many tunnel VPNs I can configure?

The current limit is 40 tunnels.