Forum / Remote Desktop Manager - AddOns

OpenVPN: Allow multiple active profiles

  • Create an Issue
  • Cancel

With OpenVPN it's possible to have multiple active VPN connections.

This can be very helpful if you need to have a connection to multiple sites, different customers, or just have an active VPN to HQ while being able to open up additional tunnels to different customers.

It is necessary to add more TAP interfaces, which can easily be achieved by running;
%programfiles%\TAP-Windows\bin\addtap.bat

The OpenVPN will just use any available TAP interface, but it is also possible to specify a specific interface by using the dev-node operand

By default the OpenVPN-GUI will not provide any method to open multiple connections, but this can be achieved by placing multiple .ovpn profile-files in the folder; %programfiles%\OpenVPN\config

RDM currently does not seem to be able to make use of this.
If a openssl-connection is active, trying to open another connection does not do anything.

I presume RDM launches openvpn-gui.exe --connect somefile.ovpn --config_dir "somedir"

This does not allow for multiple instances.

If we want to achieve multiple active VPN-connection we would have to start openvpn.exe like such;

openvpn.exe --config somepath\somefile.ovpn --auth-user-pass somepath\somefile.txt
Where somefile.txt (if used) has the username on the first line, and the password on the second line.

It is however necessary to run this with elevated rights, and the commandline window remains open.

The Open-VPN GUI bypasses this by addressing the OpenVPN interactive service;
https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService (bit outdated info)

I would very much like to see RDM make use of this.
So that we do not need the OpenVPN-GUI AND can have multiple VPN connections active at the same time.

I presume it would be possible for the RDM client to also interact with the OpenVPN Interactive Service.
Thus being able to transparently open and close VPN connections, whilst also being able to monitor their state.
I.e. RDM could be operating as an alternative to the OpenVPN-GUI client.

Because many different Client VPN solutions actually use OpenVPN under the hood (Watchguard SSL, Sonicwall NetExtender, Sophos SSL) I would very much prefer to use OpenVPN as the 'default' VPN client for SSL-VPN connections.

Therefor I believe emphasis on the OpenVPN 'addon' would greatly benefit RDM.

Clock15 days

This is Quite informative.Thank you so much for your efforts.I feel very grateful to be part of this intellectual community.i was working on my project and this helped me alot.

Clock15 days

Hi,

Thanks for the information, we are currently looking to support multiple OpenVPN directly in RDM.


That being said, I'm asking myself if OpenVPN users "normally" add multiple TAP before trying to start multiple OpenVPN or if we need to add a TAP before creating a new VPN and deleting it after.
I'm quite afraid of the impact to add network cards on Windows and delete it each time someone needs to start a VPN.

Thanks for your feedback, it will help us set up this feature.

Thanks,



David Grandolfo

signaturesignature

Clock6 days

I would suggest you leave the creation of additional TAP interfaces up to the end-user.
RDM is for Power Users.


If RDM would add a TAP interface, that would require elevated rights, causing UAC prompts.
This can get very annoying, very quickly.

What maybe would be possible is the following;

In the session properties, upon creation of an OpenVPN session show a remark in the bottom that says 'you must add additional TAP drivers if you want multiple active connections. Click <here> to add a TAP interface, you currently have <X> TAP interfaces.

If RDM knows how much VPN sessions are active (it knows it opened the sessions, plus can interact with the OpenVPN Interactive Service) then it could also show a popup saying 'you have no TAP interfaces free; please close one or more active sessions'. Or perhaps even show a list of sessions so the user can choose to close a specific one.


Also this can make use of the VPN groups to keep a VPN active while we have sessions opened, but close the VPN automatically if no more sessions require the VPN.

I presume everyone can decide for themselves how often they want to run addtap.bat and in RDM a simple infobox warning about no more free TAP interfaces would suffice.

Please do not add features that require elevation under normal use smile

Clock4 days

Wow thanks for the answer it's complete. I transfer it to the engineering department and if I have further questions I let you know.

Regards,



David Grandolfo

signaturesignature

Clock4 days