Viscosity permits a number of VPN connections to be related concurrently. To make the most of this merely instruct a connection to attach with out disconnecting any current energetic connections. This permits for eventualities the place it’s possible you’ll want to connect with two distant networks without delay, comparable to two workplace places, or for while you want one VPN connection to attach via one other.
Nonetheless, to make use of a number of VPN connections on the identical time successfully it’s a necessity to have an understanding of how your pc directs site visitors for every VPN connection to make sure that the VPN connections don’t conflict. This text is designed to cowl the fundamentals, nevertheless if doubtful please get in contact together with your VPN Supplier to examine whether or not any configuration modifications are essential to your VPN connections.
IP Routing and VPN Connections
Your typical pc has a number of community interfaces. These are normally a mix of bodily community interfaces (comparable to your pc’s Wi-Fi community interface and Ethernet community interface) and digital community interfaces (comparable to an interface for every energetic VPN connection).
To resolve which community interface to make use of when sending a packet of community information, your pc makes use of its “routing desk”. The routing desk is like an handle e-book for IP addresses, the place every entry is usually a single IP handle (e.g. 10.0.0.1/32 or 10.0.0.1/255.255.255.255) or a spread of addresses (e.g. 10.0.0.0/24 or 10.0.0.0/255.255.255.0). An entry within the routing desk is named a “route”. Your routing desk additionally has a “default” route, which is the route used when there are not any different matches.
While you connect with a VPN connection, it provides sure routes to your pc’s routing desk to direct site visitors into the VPN connection. In your typical office connection this will encompass a few routes to direct the IP vary/s your office makes use of into the VPN connection. Then again a typical VPN Service Supplier connection might as a substitute specify a brand new default route, so all community site visitors goes via the VPN connection by default.
The working system can even routinely create a route for the IP vary the VPN connection makes use of (even when no such route is explicitly set by the VPN connection).
Clashes Between Routes
If two routes with similar IP ranges are added to the routing desk, you’ve a routing conflict. For instance, if in case you have a route directing 10.8.0.0/24 site visitors to Community Interface 1’s gateway, but in addition one other directing 10.8.0.0/24 site visitors to Community Interface 2’s gateway, there may be an apparent downside. They each cannot be used, and so the working system will solely use one and ignore any others.
The truth is, from an OpenVPN connection perspective, the precise behaviour will differ relying on the working system. On Home windows the route with the bottom metric, normally probably the most lately added, would be the one used, whereas on macOS the primary added route would be the one used. While you disconnect both connection, the route/s might be eliminated, and the remaining connection could also be left in a non-functional state.
This additionally applies to default routes: if two connections each attempt to create a default route, just one can be utilized. When disconnecting one of many connections (inflicting the default path to be eliminated) the remaining VPN connection won’t be used for all site visitors (because the route has been eliminated).
These aware of IP routing might discover that the above behaviour differs considerably from regular community interfaces. For instance, for those who join a pc through each an Ethernet cable and Wi-Fi to the identical community, after which disconnect the one it is utilizing, your pc will gracefully fall again to the opposite community connection. That is via a mechanism referred to as “interface scoped” routing. OpenVPN doesn’t help interface scoped routes at the moment (as not each working system helps it), however it might sooner or later.
Widespread Simultaneous Eventualities
On this part we take a look at quite a few frequent eventualities for simultaneous connection use, and any suggestions to make the connections work as anticipated.
“All-Visitors” connections seek advice from VPN connections which have a default route related to them so all site visitors is directed via them by default, whereas “Break up-Visitors” connections are VPN connections that solely have a choose variety of routes and do not route all site visitors via the VPN connection.
Connecting Two Break up-Visitors Connections
This example generally happens when connecting to workplaces with multiple workplace, and you have to have a VPN connection to 2 or extra workplaces on the identical time.
When you’ve got two connections with out clashing IP addresses or routes, then they will work completely related on the identical time. For instance, if the primary VPN connection has an IP handle vary of 10.1.0.x, whereas additionally pushing out a route for 10.2.0.x, and the second connection has an IP handle vary of 10.3.0.x whereas additionally pushing a route of 10.4.0.x, then there are not any routing clashes.
If each connections try to make use of the identical IP vary (a standard one for OpenVPN connections is 10.8.0.x), or push out the identical routes, then one in every of them will should be modified. This normally entails altering the IP vary that the OpenVPN server is utilizing (in addition to any conflicting pushed routes). If the IP vary cannot be modified, then NAT can be utilized on the server to remap IP ranges.
Connecting a Break up-Visitors Connection and a All-Visitors Connection
This example sometimes happens when you find yourself related to a VPN Service Supplier, but in addition need to connect with a piece or dwelling community.
In order for you all site visitors to undergo the All-Visitors VPN connection, and have the Break up-Visitors connection join via the All-Visitors connection, then the All-Visitors connection needs to be related first. As soon as it’s established you’ll be able to join the Break up-Visitors connection.
If nevertheless you do not need the Break up-Visitors connection to attach via the All-Visitors VPN connection, then you definately’ll want so as to add an exception to your routes. This may be completed by enhancing the Break up-Visitors connection in Viscosity, after which including a route directing site visitors for the Break up-Visitors VPN server’s IP handle to undergo the conventional community. This may be completed by following the steps within the Routing Visitors For Web sites & Functions article.
Connecting Two All-Visitors Connections
This example is frequent when wanting to attach one VPN Service Supplier connection via one other VPN Service Supplier connection. That is also known as connection chaining.
To keep away from potential DNS points and ease of reconnecting one (or each) of the connections, we suggest turning one of many connections right into a Break up-Visitors connection. This needs to be the VPN connection you need to have the second VPN connection join via. This may be achieved by disabling all site visitors going via the VPN connection, after which following the steps within the “Connecting a Break up-Visitors Connection and a All-Visitors Connection” part above.
