Does this simple setup work as VPN chaining?

Got a problem with Viscosity or need help? Ask here!

loxia01

Posts: 4
Joined: Wed Jan 30, 2019 3:03 am

Post by loxia01 » Sat Mar 30, 2019 11:37 pm
It is not possible to "chain" two different OpenVPN connections in Windows without a Virtual Machine, but would the following setup work?

PC > VPN1 > VPN2 > Proxy > Internet

Only the proxy would be routed through the VPN chain (Split Tunneling):

- In the VPN1 config, the
Code: Select all
route-nopull
argument together with a route for the VPN2 remote IP address would be added. This would be the first connection.

- In the VPN2 config,
Code: Select all
route-nopull
together with a route for the proxy address would be added. This would be the second connection.

- The proxy would then be added in e.g. Firefox network settings for use as Split Tunneling with proxy-only DNS use.

Does this work as intended? I have done some brief testing and it seems to work.

Eric

User avatar
Posts: 869
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Apr 01, 2019 10:37 am
Hi loxia01,

I'm afraid we can't provide much information or support on connection chaining. We have some brief information here - https://sparklabs.com/support/kb/articl ... taneously/

It's a very advanced setup that goes wrong more often than it goes right, and unless we know everything about the scenario and connections, all we can do is guess on how to help, in which case it's better for us not to. I hope you understand. Fundamentally what you suggest should work though.

I encourage you to test your setup thoroughly though. Just because you have traffic flowing does not necessarily mean it's flowing through both your connections, the following may help - https://sparklabs.com/support/kb/articl ... troduction

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

loxia01

Posts: 4
Joined: Wed Jan 30, 2019 3:03 am

Post by loxia01 » Wed Apr 03, 2019 10:34 am
Thanks for your input and links.

I set up my own OpenVPN server for more testing which revealed that if connecting via UDP there is no "Kill-Switch" in this setup. If the first connection (to VPN1) is broken the connection immediately goes directly to VPN2 without any warning. If using TCP the chain disconnects if the connection to VPN1 is broken, but in order to prevent auto-reconnection you have to add the argument remap-usr1 SIGHUP under advanced settings in Viscosity.

The chaining seems to work as intended if using TCP, but I guess you wouldn't want to use this type of chaining for any critical use case.
3 posts Page 1 of 1