Performance Issues Running Two OpenVPN Servers on AC68U?

[bnhf]

I'd like to set up a second OpenVPN server on a AC68U (with latest Merlin) that I can only access remotely through an existing OpenVPN instance. I'm currently running TUN and I'd like to see how a TAP configuration performs, since I think it may allow connection of two residential networks in a way that works better for the users. I'll have each OpenVPN server on its own port.

Anyone know of issues doing this? Am I likely to get disconnected from Server1 as I'm saving the new Server2 config? I don't anticipate having ongoing simultaneous connections to the two VPNs (though I'm curious how well this would work) -- its mostly just to compare approaches at this point.

Also, I have two OpenVPN Client configurations on the router I'd like to clear out at the same time. I've seen the "Default" button, and I'm just looking for confirmation that Default only clears the config for the current client and not all OpenVPN clients and servers saved on the router. I don't have local access to an Asus router at the moment to test any of this stuff in a non-live environment.

 

[martinr]

Don't know about default clearing only the server/client depending on which page you're on, but use John's NVRAM Save/Restore Utility and backup your settings first so you could restore in a jiffy if necessary. Or, if you haven't used that yet, and I advise carefully digesting the instructions before use, you could backup using the GUI backup (but only use on that version of firmware, unlike John's)

I have 2 OpenVPN servers running on RT-AC68U, both tun, can't say I've ever had cause to believe they affect performance.

I could be wrong, so research it, but I think I read that the tap (protocol?) does not work on Apple client devices, only tun.

 

[bnhf]

I'm guessing that neither John's NVRAM Save/Restore or the GUI backup are going to provide me with much of a safety-net in this case since I'm going to be making these changes remotely, over an existing OpenVPN server instance. That's my main motivation for trying to get a bit of a preview of how some of these settings might behave. Makes sense to do a GUI backup though, in the event I have to talk someone through restoring the router over the phone at some point in the future.

Glad to hear that a second OpenVPN server won't likely have a noticeable impact. I'm mostly just hoping to avoid losing, or significantly slowing, remote access to the router.

Thanks for the feedback!

 

[martinr]

Now I fully understand your apprehension. In that case, assuming I've not misunderstood, I'd ask why take the risk of clearing the OpenVPN client configurations, merely turn OpenVPN client off?

Keep one OpenVPN tun server untouched ie don't mess with its settings, so that's your safe route in, and then experiment with the second server only, if you must.

But I would say that unless you really trust the technical competence of the person who'll be on the other end of the phone acting on your instructions to fix any disasters, don't experiment at all, especially if it's vital the router stays operational. It's so easy to make a mistake or overlook something, especially if tired or distracted. When you are physically next to the router it's a different matter, but being remote and having to explain to someone what the on/off switch looks like over the phone is taking a big gamble.

Good luck but do reconsider what would happen if things went awry.

 

[bnhf]

Thanks for your thoughts on the subject @martinr. I am trying to avoid having this router go down, but at the same time I'd like to understand what can and can't be done while connected by OpenVPN. I have a number of these routers in far-flung locations (that I'm supporting) and changes are inevitable.

I setup an RT-AC66U today at my current location, so I was able verify that "Default" on an OpenVPN client or server instance ONLY deletes the settings for that instance (along with its keys and certificates). I inadvertently left my personal VPN Client credentials configured on this router and since there's a "Show password" option, I want to clear that config.

Keep one OpenVPN tun server untouched ie don't mess with its settings, so that's your safe route in, and then experiment with the second server only, if you must.

I'm in agreement that messing with the settings of my working VPN is asking for trouble. I'm going to see how it goes though using Server2 for an alternate configuration. They have a backup RT-N66U in the event things go toes-up -- which I'm glad that I left intact with its own keys, certs and DDNS!

 

[martinr]

Thanks for that. Remote administrator; that must keep you on your toes and make you think twice before making any changes or updates. Clever idea to run a practical test on a spare router first. Good luck with it.