OpenVPN: Allow multiple active profiles

Hi,

Thanks for the information, we are currently looking to support multiple OpenVPN directly in RDM.


That being said, I'm asking myself if OpenVPN users "normally" add multiple TAP before trying to start multiple OpenVPN or if we need to add a TAP before creating a new VPN and deleting it after.
I'm quite afraid of the impact to add network cards on Windows and delete it each time someone needs to start a VPN.

Thanks for your feedback, it will help us set up this feature.

Thanks,

I would suggest you leave the creation of additional TAP interfaces up to the end-user.
RDM is for Power Users.


If RDM would add a TAP interface, that would require elevated rights, causing UAC prompts.
This can get very annoying, very quickly.

What maybe would be possible is the following;

In the session properties, upon creation of an OpenVPN session show a remark in the bottom that says 'you must add additional TAP drivers if you want multiple active connections. Click <here> to add a TAP interface, you currently have <X> TAP interfaces.

If RDM knows how much VPN sessions are active (it knows it opened the sessions, plus can interact with the OpenVPN Interactive Service) then it could also show a popup saying 'you have no TAP interfaces free; please close one or more active sessions'. Or perhaps even show a list of sessions so the user can choose to close a specific one.


Also this can make use of the VPN groups to keep a VPN active while we have sessions opened, but close the VPN automatically if no more sessions require the VPN.

I presume everyone can decide for themselves how often they want to run addtap.bat and in RDM a simple infobox warning about no more free TAP interfaces would suffice.

Please do not add features that require elevation under normal use :)

Wow thanks for the answer it's complete. I transfer it to the engineering department and if I have further questions I let you know.

Regards,

Any updates or progress you can share with us David ?

Hello,

The task is still in our to-do list, prior to work on it. We had to improve our OpenVPN add-on and include it in RDM. These parts have been completed.

Incidentally, we cannot provide a timeline for its delivery.

Best regards,

Hello David

Any news on this one. My team and I are really looking forward to the "OpenVPN multiple sessions"-option.


Best regards
Joe

Hello Joe,

Sorry for the delay, the task is always on our todo list. I made a follow up on the ticket RDMW-899 and as soon as I have news we will inform you.

For information, we are currently working on main features of RDM 2019.2 . The OpenVPN Multiple feature is not scheduled to be built in short term.

Best regards,

Okay, thanks for your reply. Looking forward to see it implemented sometime.

Best regards
Joe

Any news from that multiple VPN feature?
This is getting important for our society for it to work soon.

Best regards

Hello,

Currently, we're waiting for OpenVPN to update as there was an issue in the command line preventing this feature from working. As soon as it's published and contains the fix, we will update RDM to support this.

Regards,

Hello everyone,

So great news, OpenVPN just released the functionality necessary for us to make multiple connections work. It will be included in the 2020.2 release at the end of next month.

Note that for it to work properly, you will need version 11.15.0.0 of the OpenVPN GUI.

Regards

I appreciate the effort , multiple active connections is a very welcome addition!
But the required use of the GUI, where RDM opens windows and clicks on forms is a no-go.

Please see OpenVPN's documentation as a starting point here:
https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService

I would very much like to be able to use OpenVPN in RDM.
The added advantage of OpenVPN SSL is the advertisement of routes.

Currently we still need to keep .ovpn files externally and manually start a VPN , this negates some of the very cool options of RDM like being able to automatically start a VPN if the host cannot be reached.

I appreciate the fact that my mention of alternatives to the GUI, using the Interactive Service was not the subject of this topic.

As I wrote a year ago;

"I would very much like to see RDM make use of this.
So that we do not need the OpenVPN-GUI AND can have multiple VPN connections active at the same time.

I presume it would be possible for the RDM client to also interact with the OpenVPN Interactive Service.
Thus being able to transparently open and close VPN connections, whilst also being able to monitor their state.
I.e. RDM could be operating as an alternative to the OpenVPN-GUI client."

Hello Rolf,

In the OpenVPN entry, you can check the box "use authentication file" and instead of filling out fields and clicking on controls, it will create a temporary file to login with on your machine, that is cleaned up after. I know it's not the same as interfacing with the service, but at the moment it's what we can provide to make the process smoother.

As for the request of talking to the service directly, we'll open a ticket for this but I can't give you a time frame on when we'll be able to work on this. It's equivalent to creating a completely new integration since the current add-on is too closely related to the GUI.
So that I can understand your needs better, can you explain what you can achieve with the service that we don't currently provide with the GUI add-on? From what you said, it seems to be the following:

1. No need to install the GUI
2. Monitor the status of connections so RDM can automatically know if they are still opened/closed.

Please let me know if I missed anything.

Regards,

Yes, use case is;

• Better integration of OpenVPN, comparable to integration of L2TP/ Windows VPN
• No need for half-measure manipulation of GUI (which is pretty unstable)
• RDM "knows" which TAP interface is the connected VPN, and can close that specific on when all sessions have been closed (VPN group usage)
• RDM can show a progress window, no need to wait and see (this is also somewhat less pretty when using L2TP, the window kinda freezes, you don't really know what's going on)
• Anytime use of some sort of API is possible, that should be the preferred method.
• Will not screw up the OpenVPN settings. I just tried the Addon and noticed it changes the .ovpn path in OpenVPN to C:\Users\MyProfile\AppData\Local\Devolutions\RemoteDesktopManager\OpenVPN\ > I had a central folder linked here which contains all our .opvn and auth files.

Currently nothing even happens when trying an OpenVPN-GUI session in RDM.
I think this is because I already have it opened, which also was the issue beforehand.

Where possible we use OpenVPN instead of L2TP because OpenVPN can advertise routes.
When using L2TP additional routes need to be added after connecting, which causes UAC prompts, in some cases up to 10 times we have to click "allow"

Hello Rolf,

Thank you for the details. Just a note on two of your points:

• RDM can show a progress window, no need to wait and see
  • I think what you're trying to achieve is possible by using the "wait for IP on adapter" setting in the "settings" tab of your OpenVPN entry. This should only wait until the adapter is found, and you can set a timeout for it.
• Will not screw up the OpenVPN settings.
  • If you're using the 'allow multiple' of OpenVPN, you need to change the path it uses to store its settings. By default, it should be in LocalAppData but you might have to configure it if you configured your OpenVPN differently. This can be configured in File > Options > Types > VPN

Your feedback has been noted for the ticket, but as mentioned, the scope of using the OpenVPN service is like creating a completely different add-on/integration, rather than simply adding a feature on top of an existing one.

Regards,