Skip to content
Does this simple setup work as VPN chaining?
Got a problem with Viscosity or need help? Ask here!
It is not possible to "chain" two different OpenVPN connections in Windows without a Virtual Machine, but would the following setup work?
PC > VPN1 > VPN2 > Proxy > Internet
Only the proxy would be routed through the VPN chain (Split Tunneling):
- In the VPN1 config, the
- In the VPN2 config,
- The proxy would then be added in e.g. Firefox network settings for use as Split Tunneling with proxy-only DNS use.
Does this work as intended? I have done some brief testing and it seems to work.
PC > VPN1 > VPN2 > Proxy > Internet
Only the proxy would be routed through the VPN chain (Split Tunneling):
- In the VPN1 config, the
Code: Select all
argument together with a route for the VPN2 remote IP address would be added. This would be the first connection.route-nopull
- In the VPN2 config,
Code: Select all
together with a route for the proxy address would be added. This would be the second connection.route-nopull
- The proxy would then be added in e.g. Firefox network settings for use as Split Tunneling with proxy-only DNS use.
Does this work as intended? I have done some brief testing and it seems to work.
Hi loxia01,
I'm afraid we can't provide much information or support on connection chaining. We have some brief information here - https://sparklabs.com/support/kb/articl ... taneously/
It's a very advanced setup that goes wrong more often than it goes right, and unless we know everything about the scenario and connections, all we can do is guess on how to help, in which case it's better for us not to. I hope you understand. Fundamentally what you suggest should work though.
I encourage you to test your setup thoroughly though. Just because you have traffic flowing does not necessarily mean it's flowing through both your connections, the following may help - https://sparklabs.com/support/kb/articl ... troduction
Regards,
Eric
I'm afraid we can't provide much information or support on connection chaining. We have some brief information here - https://sparklabs.com/support/kb/articl ... taneously/
It's a very advanced setup that goes wrong more often than it goes right, and unless we know everything about the scenario and connections, all we can do is guess on how to help, in which case it's better for us not to. I hope you understand. Fundamentally what you suggest should work though.
I encourage you to test your setup thoroughly though. Just because you have traffic flowing does not necessarily mean it's flowing through both your connections, the following may help - https://sparklabs.com/support/kb/articl ... troduction
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Thanks for your input and links.
I set up my own OpenVPN server for more testing which revealed that if connecting via UDP there is no "Kill-Switch" in this setup. If the first connection (to VPN1) is broken the connection immediately goes directly to VPN2 without any warning. If using TCP the chain disconnects if the connection to VPN1 is broken, but in order to prevent auto-reconnection you have to add the argument remap-usr1 SIGHUP under advanced settings in Viscosity.
The chaining seems to work as intended if using TCP, but I guess you wouldn't want to use this type of chaining for any critical use case.
I set up my own OpenVPN server for more testing which revealed that if connecting via UDP there is no "Kill-Switch" in this setup. If the first connection (to VPN1) is broken the connection immediately goes directly to VPN2 without any warning. If using TCP the chain disconnects if the connection to VPN1 is broken, but in order to prevent auto-reconnection you have to add the argument remap-usr1 SIGHUP under advanced settings in Viscosity.
The chaining seems to work as intended if using TCP, but I guess you wouldn't want to use this type of chaining for any critical use case.
3 posts
Page 1 of 1