Tunnel VPN FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista

Revision as of 01:56, 19 September 2017


My tunnel keeps disconnecting; what can I do about it?

Different services provide different parameters for managing disconnects in the config file.

Some services explicitly configure the client not to reconnect when the connection is lost. This configuration is not optimal and is likely chosen by the service to minimize server load.

To tune these settings, edit the .ovpn file (or the .ovpn file inside the zip) before uploading it to Tunnel VPN. You can change the "keepalive" setting or the "ping" and "ping-restart" settings. If none of those are specified, adding "keepalive 10 120" is sufficient: it tells OpenVPN to test the connection every 10 seconds and restart if all tests fail for 120 seconds. Similarly, if "ping" or "ping-restart" is already specified, replace the existing "ping" configuration with "ping 10" and the existing "ping-restart" with "ping-restart 120".

More can be read about OpenVPN configuration here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
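
The edit described in this answer, written as a small Python script (an added example, not from this wiki or from OpenVPN). The function name `tune_ovpn` and the sample config are constructed for illustration; completing a lone "ping" or "ping-restart" with its missing partner is an assumption beyond what the answer states.

```python
PING_SECONDS = 10       # test interval given in the FAQ
RESTART_SECONDS = 120   # restart threshold given in the FAQ

# Constructed sample .ovpn content (not a real provider file).
SAMPLE = """client
dev tun
remote vpn.example.com 1194
# ping 5
ping 30
ping-timer-rem
<ca>
(certificate body omitted)
</ca>
"""

def tune_ovpn(text):
    """Return .ovpn text with the FAQ's disconnect settings applied."""
    wanted = {
        "keepalive": f"keepalive {PING_SECONDS} {RESTART_SECONDS}",
        "ping": f"ping {PING_SECONDS}",
        "ping-restart": f"ping-restart {RESTART_SECONDS}",
    }
    out, seen, in_block = [], set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block:
            # Inline <ca>/<cert>/<key> material is copied untouched.
            in_block = not stripped.startswith("</")
        elif stripped.startswith("<") and not stripped.startswith("</"):
            in_block = True
        elif stripped and stripped[0] not in "#;":
            # Match the whole directive name, so "ping-timer-rem" is not "ping".
            directive = stripped.split()[0]
            if directive in wanted:
                if directive in seen:
                    continue  # drop repeated directives
                seen.add(directive)
                line = wanted[directive]
        out.append(line)
    if not seen:
        out.append(wanted["keepalive"])  # nothing specified: FAQ default
    elif "keepalive" not in seen:
        # Assumption beyond the FAQ: add whichever of the pair is missing.
        out += [wanted[d] for d in ("ping", "ping-restart") if d not in seen]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(tune_ovpn(SAMPLE), end="")
```

Comment lines and inline certificate blocks pass through unchanged, so the result can be saved back as the .ovpn file and uploaded.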


Can I only route certain protocols through the tunnel VPN?

No. Routing can be done only on the basis of information known at the time the packet is routed. When a new connection is opened, the application is not yet known, only the IPs, hosts, ports, etc. Even though the application, website, domain, or other information may be identified later, the session is stateful, so its routing cannot be changed mid-session.

However, one common workaround is to detect a certain application and tag the host using that application. You can then create a Tunnel VPN rule to route hosts with that tag through the tunnel.