VPN Failover script

[sone]

Awesome thank you @Martineau

 

[mister]

Dear all,
may I ask several questions regarding VPN Failover script.

I have following configuration

OVPNC1 : Country 1 - Routing rules for special clients defined
OVPNC2: Country 2 - rest of the clients are routed there



This configuration works well using the X3mrouting script.
I want now a redundancy if one of the VPN Clients goes down.

OVPNC1 : Country 1 - Routing rules for special clients defined - Start at boot
OVPNC2: Country 2 - rest of the clients are routed there- Start at boot

OVPNC3 : Country 1 - failover if OVPNC1 is slow (<6 mbit) or goes down (same rules as OVPNC1)
OVPNC4: Country 2 - failover if OVPNC1 is slow (<6 mbit) or goes down (same rules as OVPNC2)


Is it possible to run the VPN Failover script with different configurations in parallel ?
And if so, how can I achieve, that the Failover scripts are started at Boot? Should I add them to the vpnclient1-route-up respectively vpnclient2-route-up script ?


Thanks a lot for your support ....

 

[tyspeed42]

I just use
remote then ip address and the port for the VPN
in the custom config on asus router works perfect.

 

[mister]

I just use
remote then ip address and the port for the VPN
in the custom config on asus router works perfect.

Thanks a lot, but that doesn´t work in my setup, because there are different VPN providers. :-(

 

[Xentrk]

Thanks a lot, but that doesn´t work in my setup, because there are different VPN providers. :-(

See if this post from the previous page fits your use case requirements.

#          VPN_Failover   1 multiconfig
#                         Monitor VPN Client 1 every 30 secs and if DOWN, retrieve the next round-robin VPN Client 1 config from '/jffs/configs/VPN_Failover' and restart VPN Client 1.
#                         (So rather than be limited by 5 VPN GUI configs, you can now specify an unlimited custom server list for a SINGLE VPN ISP
#                         e.g. 1 vpn.LA.server     553     udp     #HMA Los Angeles
#                              1 vpn.NY.server     443     tcp     #HMA New York
#                              1 vpn.SF.server     1194    udp     #HMA San Francisco

 

[Martineau]

Is it possible to run the VPN Failover script with different configurations in parallel ?

Yes

and if so, how can I achieve that
Should I add them to the vpnclient1-route-up respectively vpnclient2-route-up script ?

Here are examples of calling the VPN Failover script to create the failover-pair VPN Client 1 & 3 based on performance/throughput.

NOTE: I prefer the openvpn-event 'UP' triggers (rather than the 'route-UP' triggers)

/jffs/scripts/vpnclient1-up

VPN_ID=${dev:4:1}

Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID"   "delay=120"   "ignore=2,4,5"   "verbose"   "interval=1200"   force   minrates=600K,?,600K   &

...similarly for the failover-pair VPN Client 2 & 4

/jffs/scripts/vpnclient2-up

VPN_ID=${dev:4:1}

Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID"   "delay=120"   "ignore=1,3,5"   "verbose"   "interval=1200"   force   minrates=600K,?,600K   &

NOTE: It may be simpler to failover the appropriate VPN Client instance to itself when the throughput is less than the expected threshold, but use a different round-robin server - specified either manually in the GUI config or using the script's 'multiconfig' option.

 

[Xentrk]

Yes

Here are examples of calling the VPN Failover script to create the failover-pair VPN Client 1 & 3 based on performance/throughput.

NOTE: I prefer the openvpn-event 'UP' triggers (rather than the 'route-UP' triggers)

/jffs/scripts/vpnclient1-up

VPN_ID=${dev:4:1}

Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID"   "delay=120"   "ignore=2,4,5"   "verbose"   "interval=1200"   force   minrates=600K,?,600K   &

...similarly for the failover-pair VPN Client 2 & 4

/jffs/scripts/vpnclient2-up

VPN_ID=${dev:4:1}

Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID"   "delay=120"   "ignore=1,3,5"   "verbose"   "interval=1200"   force   minrates=600K,?,600K   &

NOTE: It may be simpler to failover the appropriate VPN Client instance to itself when the throughput is less than the expected threshold, but use a different round-robin server - specified either manually in the GUI config or using the script's 'multiconfig' option.

I didn't see where this was mentioned in the thread. Does @mister also need to install John9527's /jffs/scripts/openvpn-event script so /jffs/scripts/vpnclient1-route-up and /jffs/scripts/vpnclient2-route-up get executed by openvpn-event?

 

[Xentrk]

The other item @mister needs to consider is the routing rules created by x3mRouting. If you switch from client1 to client2, the routing rules will still be pointing to client1!

Update:
The way to handle this is to run the x3mRouting script and pass the "del" parameter to it from /jffs/scripts/vpnclient1-down. This will purge the routes when the client goes down. Then, run the x3mRouting script from the vpnclient2-route-up passing the vpn client number "2" parameter to create the new routing rules.

 

[mister]

Thanks a lot @Xentrk , @Martineau for your support. In the case, I need Johns script please let me know and please a step by step how to.

@Martineau : You said "NOTE: I prefer the openvpn-event 'UP' triggers (rather than the 'route-UP' triggers)" : adding to vpnclient1-route-up is not possible or would led to another effect, that I don´t want?

May you explain the parameters "minrates=600K,?,600K &" in your script ? For what reason you add the "&" and what mean the ?,600K ?? --> Thanks a lot for your support....





I just noticed that I have to swap a few clients again, so that the routing priorities are still correct, in case a VPN is changed.

I think
OVPNC 1&2--> country 1 (higher priority than country2)
OVPNC 3&4 ---> country 2 (3rd failover, 4th active)

I think it makes more sense to set OVPNC4 to "active" so that the CPU power is normally better distributed on my RT86U - or did I misunderstand Merlin's remarks?

 

[mister]

The other item @mister needs to consider is the routing rules created by x3mRouting. If you switch from client1 to client2, the routing rules will still be pointing to client1!

Update:
The way to handle this is to run the x3mRouting script and pass the "del" parameter to it from /jffs/scripts/vpnclient1-down. This will purge the routes when the client goes down. Then, run the x3mRouting script from the vpnclient2-up passing the vpn client number "2" parameter to create the new routing rules.

Thank you for your comments.

I will copy the complete content of the VPNCLIENT1-route-up script to a VPNCLIENT1-route-down script and add del after everything , right

e.g.
Code:
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

would be to
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net del

and than I add

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 2 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

to VPNCLIENT2-route-up and create the VPNCLIENT2-route-down as for VPNCLIENT1-route-down.


Did I understand you in the right way?

 

[Xentrk]

Thank you for your comments.

I will copy the complete content of the VPNCLIENT1-route-up script to a VPNCLIENT1-route-down script and add del after everything , right

e.g.
Code:
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

would be to
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net del

and than I add

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 2 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

to VPNCLIENT2-route-up and create the VPNCLIENT2-route-down as for VPNCLIENT1-route-down.


Did I understand you in the right way?

That should do it. I bounced one of my clients to verify the script names for up and down events. x3mRouting already comes with an /jffs/scripts/x3mRouting/openvpn-event script. Use option 4 from the x3mRouting menu to install. If you were using /jffs/scripts/nat-start, comment out the references to x3mRouting or remove nat-start. You can add vpnclient1-down and vpnclient2-route-up scripts to the /jffs/scripts/x3mRouting folder.

You also need to add the Policy Rules for LAN clients in the OpenVPN2 screen so the routes become active when the vpn client starts up.

If you are bypassing the VPN for NETFLIX and routing to the WAN, just replace the 1 or 2 parameters in the examples you posted with a 0:

vpnclient1-down

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net del

vpnclient2-route-up

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

 

[mister]

Dear all,
I began with order of my OVPNC connections to split the CPU power on the cores as Merlin wrote. So my OVPNC1 country 1 (Policies rules ) is active, OVPNC 2 (Policy rules, contry 1 failover), OVPNC3 (policy rules strict, country2 failover) , OVPNC4 (polices rules, strict) country 2 active.

What surprised me and took some time yesterday was the option "block if tunnel goes down (Killswitch)".

As I said, OVPNC4 was active, OVPNC3 was inactive and both had killswitch enabled.
No traffic was sent via OVPNC4 - just because the killswitch was active in OVPNC3.

(Actually logical, it didn't occur to me so far only because the active VPN with the killswitch had had a higher priority than the failover VPN and therefore this case normally didn't occur).

So there is no possibility to use a killswitch with the VPN failover script ?
Maybe a workaround could be to activate the OVPNC5 client as well and activate only there the Killswitch???
What do you think ?

 

[Martineau]

So there is no possibility to use a killswitch with the VPN failover script ?
Maybe a workaround could be to activate the OVPNC5 client as well and activate only there the Killswitch?

If you have configured overlapping Selective Routing IPs/ranges/CIDRs for more than one VPN Client, then activating the Kill-switch ONLY on the lowest priority VPN Client is the correct (GUI) solution i.e. it is not a workaround.

 

[mister]

If you have configured overlapping Selective Routing IPs/ranges/CIDRs for more than one VPN Client, then activating the Kill-switch ONLY on the lowest priority VPN Client is the correct (GUI) solution i.e. it is not a workaround.

Thanks a lot, I made it so. At the weekend I will try to implement your VPNfailover script. Is it possible to explain the "minrates=600K,?,600K &" in your script ? It would help me, if I want to modify the configuration that it fits best for me. Could the "ping" considered as well as trigger ?

Thanks a lot again !

 

[Martineau]

Is it possible to explain the "minrates=600K,?,600K &" in your script ? It would help me, if I want to modify the configuration that it fits best for me.

The script's help should assist in describing the syntax

Spoiler: VPN Failover script help syntax

./VPN_Failover.sh   -h

#
#          VPN_Failover   [-h | help | status ] |
#                         {vpn_instance to monitor} [ignore='csv_vpn_clients] [interval='seconds'] [timeout='seconds']] [force[big | small]
#                         [curlrate='number'] [minrates='csv_rates'] [verbose] [delay='seconds'] [noswitch[='hhmm-hhmm'[,...]]] [silent]
#                         [multiconfig] [once] [pingonly=ping_target] [sendmail {emailcfg='config_file'}]
#
#          VPN_Failover   1
#                         Monitor VPN Client 1 every 30 secs and if DOWN switch to VPN Client 2 and then monitor VPN Client 2
#                         (This initiates the round robin for ALL VPN Clients (if configured) in sequence 2,3,4,5 then back to VPN Client 1)
#          VPN_Failover   1 once
#                         As above, but the script terminates immediately and exits if the VPN Client 1 connection is UP.
#          VPN_Failover   status
#                         Show the status of ACTIVE monitoring processes and the semaphores '/tmp/vpnclientX-VPNFailover'
#          VPN_Failover   2 ignore=3,4,5
#                         Monitor VPN Client 2 every 30 secs and if DOWN switch to VPN Client 1 and then monitor VPN Client 1
#                         (This initiates the round robin ONLY for the two VPN Clients; VPN1 (Primary) and VPN2 (Fail-over)
#          VPN_Failover   2 interval=60
#                         Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
#          VPN_Failover   5 timeout=45
#                         Monitor VPN Client 5 every 30 secs and if DOWN switch to VPN Client 1 and allow max 45 secs for Client 1 to start
#                         then monitor VPN Client 1
#          VPN_Failover   4 pingonly=10.99.8.1
#                         Client 4's OpenVPN Server, may have 'LANONLY', so a cURL to retrieve the VPN exit-IP will not work, so instead
#                         force the test to use only PING. (NOTE: The ping target will normally be the remote router (nvram get lan_ipaddr))
#          VPN_Failover   3 force curlrate=1M
#                         If the 12MB cURL transfer rate is <1048576 Bytes per second, then treat this as VPN Client 3 'DOWN'
#                         (This cURL rate is not applicable to other VPN Clients if a switch occurs)
#          VPN_Failover   3 force curlrate=1M verbose
#                         As previous example, but additional cURL transfer statistics/progress messages are shown on the console. (Useful to determine appropriate 'minrates=')
#          VPN_Failover   3 forcesmall curlrate=1000 verbose noswitch=08:59-17:00
#                         If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed during 'office' hours 9-5
#          VPN_Failover   3 forcesmall curlrate=1000 verbose noswitch
#                         If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed at ANY time.
#                         (If VPN Client 3 is DOWN; the 'noswitch' directive is temporarily ignored to ensure the next round-robin VPN Client is started and found to be UP)
#          VPN_Failover   1 force curlrate=900K minrates=?,500k,123456
#                         Explicitly override three of the VPN Client minimum cURL rates e.g. VPN1=9921600B/sec,VPN2=512000B/sec and VPN3=123456B/sec (VPN4 and VPN5 remain 0B/sec)
#                         If the 12MB cURL transfer rate is <9921600 Bytes per second, then treat this as VPN Client 1 'DOWN'
#                         (If a switch to VPN Client 2 occurs, a min rate of 512000B/sec will be expected, and if a switch to VPN3 occurs, a min rate of 123456B/sec will be expected)
#          VPN_Failover   1 multiconfig
#                         Monitor VPN Client 1 every 30 secs and if DOWN, retrieve the next round-robin VPN Client 1 config from '/jffs/configs/VPN_Failover' and restart VPN Client 1.
#                         (So rather than be limited by 5 VPN GUI configs, you can now specify an unlimited custom server list for a SINGLE VPN ISP
#                         e.g. 1 vpn.LA.server     553     udp     #HMA Los Angeles
#                              1 vpn.NY.server     443     tcp     #HMA New York
#                              1 vpn.SF.server     1194    udp     #HMA San Francisco
#          VPN_Failover   2 interval=60 sendmail emailcfg=/jffs/configs/Email.conf
#                         Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
#                         and send an email using the email configuration parms in '/jffs/configs/Email.conf'

Effectively, it enforces (possibly different) throughput thresholds to be applied when switching between different VPN clients - in this case VPN 1 and 3 will both have the same (600K Bytes/Second) download threshold.

The '&' means the script will execute in the background.

Could the "ping" considered as well as trigger ?

You could try the 'pingonly=' option in lieu of the cURL data transfer.

 

[mister]

The script's help should assist in describing the syntax

Spoiler: VPN Failover script help syntax

./VPN_Failover.sh   -h

#
#          VPN_Failover   [-h | help | status ] |
#                         {vpn_instance to monitor} [ignore='csv_vpn_clients] [interval='seconds'] [timeout='seconds']] [force[big | small]
#                         [curlrate='number'] [minrates='csv_rates'] [verbose] [delay='seconds'] [noswitch[='hhmm-hhmm'[,...]]] [silent]
#                         [multiconfig] [once] [pingonly=ping_target] [sendmail {emailcfg='config_file'}]
#
#          VPN_Failover   1
#                         Monitor VPN Client 1 every 30 secs and if DOWN switch to VPN Client 2 and then monitor VPN Client 2
#                         (This initiates the round robin for ALL VPN Clients (if configured) in sequence 2,3,4,5 then back to VPN Client 1)
#          VPN_Failover   1 once
#                         As above, but the script terminates immediately and exits if the VPN Client 1 connection is UP.
#          VPN_Failover   status
#                         Show the status of ACTIVE monitoring processes and the semaphores '/tmp/vpnclientX-VPNFailover'
#          VPN_Failover   2 ignore=3,4,5
#                         Monitor VPN Client 2 every 30 secs and if DOWN switch to VPN Client 1 and then monitor VPN Client 1
#                         (This initiates the round robin ONLY for the two VPN Clients; VPN1 (Primary) and VPN2 (Fail-over)
#          VPN_Failover   2 interval=60
#                         Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
#          VPN_Failover   5 timeout=45
#                         Monitor VPN Client 5 every 30 secs and if DOWN switch to VPN Client 1 and allow max 45 secs for Client 1 to start
#                         then monitor VPN Client 1
#          VPN_Failover   4 pingonly=10.99.8.1
#                         Client 4's OpenVPN Server, may have 'LANONLY', so a cURL to retrieve the VPN exit-IP will not work, so instead
#                         force the test to use only PING. (NOTE: The ping target will normally be the remote router (nvram get lan_ipaddr))
#          VPN_Failover   3 force curlrate=1M
#                         If the 12MB cURL transfer rate is <1048576 Bytes per second, then treat this as VPN Client 3 'DOWN'
#                         (This cURL rate is not applicable to other VPN Clients if a switch occurs)
#          VPN_Failover   3 force curlrate=1M verbose
#                         As previous example, but additional cURL transfer statistics/progress messages are shown on the console. (Useful to determine appropriate 'minrates=')
#          VPN_Failover   3 forcesmall curlrate=1000 verbose noswitch=08:59-17:00
#                         If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed during 'office' hours 9-5
#          VPN_Failover   3 forcesmall curlrate=1000 verbose noswitch
#                         If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed at ANY time.
#                         (If VPN Client 3 is DOWN; the 'noswitch' directive is temporarily ignored to ensure the next round-robin VPN Client is started and found to be UP)
#          VPN_Failover   1 force curlrate=900K minrates=?,500k,123456
#                         Explicitly override three of the VPN Client minimum cURL rates e.g. VPN1=9921600B/sec,VPN2=512000B/sec and VPN3=123456B/sec (VPN4 and VPN5 remain 0B/sec)
#                         If the 12MB cURL transfer rate is <9921600 Bytes per second, then treat this as VPN Client 1 'DOWN'
#                         (If a switch to VPN Client 2 occurs, a min rate of 512000B/sec will be expected, and if a switch to VPN3 occurs, a min rate of 123456B/sec will be expected)
#          VPN_Failover   1 multiconfig
#                         Monitor VPN Client 1 every 30 secs and if DOWN, retrieve the next round-robin VPN Client 1 config from '/jffs/configs/VPN_Failover' and restart VPN Client 1.
#                         (So rather than be limited by 5 VPN GUI configs, you can now specify an unlimited custom server list for a SINGLE VPN ISP
#                         e.g. 1 vpn.LA.server     553     udp     #HMA Los Angeles
#                              1 vpn.NY.server     443     tcp     #HMA New York
#                              1 vpn.SF.server     1194    udp     #HMA San Francisco
#          VPN_Failover   2 interval=60 sendmail emailcfg=/jffs/configs/Email.conf
#                         Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
#                         and send an email using the email configuration parms in '/jffs/configs/Email.conf'

Effectively, it enforces (possibly different) throughput thresholds to be applied when switching between different VPN clients - in this case VPN 1 and 3 will both have the same (600K Bytes/Second) download threshold.

The '&' means the script will execute in the background.


You could try the 'pingonly=' option in lieu of the cURL data transfer.

Thanks a lot for your support. I added the following commands to the files VPNClientX-up

sh /jffs/scripts/VPN_Failover.sh 1 "delay=120" "ignore=3,4,5" "verbose" "interval=1200" force minrates=600K,?,600K &

sh /jffs/scripts/VPN_Failover.sh 4 "delay=120" "ignore=1,2,5" "verbose" "interval=1200" force minrates=600K,?,600K &


sh /jffs/scripts/VPN_Failover.sh 5 "delay=120" "ignore=1,2,3,4" "verbose" "interval=1200" force minrates=600K,?,600K &

The result is that VPNStatus

The X3mroutes I added in the VPNCLientX-route-up and VPNCLientX-down routes.

How can I check, that VPNFailover is working as I want it to do?
I tried manually turn off VPN4 via GUI can waited 5 minutes. But the OVPNC3 was not started as I want - altough I checked the Status and it was active.....
What can I do ?

Last question to my OVPNC5 configuration. In the case, OVPNC5 goes down, the service is restarted after 2 Minutes , correct ?

Thanks a lot again.

 

[Martineau]

I tried manually turn off VPN4 via GUI can waited 5 minutes. But the OVPNC3 was not started as I want - altough I checked the Status and it was active.....

Last question to my OVPNC5 configuration. In the case, OVPNC5 goes down, the service is restarted after 2 Minutes , correct ?

In Syslog, there should be messages that indicate the scheduled interval (hh:mm:ss) for the next check to confirm the VPN connection is UP and/or meeting the throughput threshold.

e.g. for my VPN Client 1

Sep  1 10:51:40 RT-AC68U (VPN_Failover.sh): 27180 VPN Client Monitor: Checking VPN Client 1 connection status....
Sep  1 10:51:41 RT-AC68U (VPN_Failover.sh): 27180   using IP retrieval (xxx.xxx.xxx.xxx) - cURL 'http://ipecho.net/plain' rc15=0
Sep  1 10:51:41 RT-AC68U (VPN_Failover.sh): 27180 VPN Client Monitor: VPN Client 1 status OK
Sep  1 10:51:42 RT-AC68U (VPN_Failover.sh): 27180 Will check VPN Client 1 connection status again in 00:20:00 .....@11:11:42

NOTE: 'interval=1200' means 20 minutes not 2 minutes, and 'delay=120' means the interval monitoring will only commence 2 minutes after the VPN connection has been initially established.

Also, you don't seem to have grasped the use of the minrates/curlrate directives.

e.g. you are monitoring VPN Clients 4 and 3, yet have set throughput rates for VPN Clients 1 and 3

sh /jffs/scripts/VPN_Failover.sh 4 "delay=120" "ignore=1,2,5" "verbose" "interval=1200" force minrates=600K,?,600K &

Similarly you are monitoring VPN Client 5, yet have set throughput rates for VPN Clients 1 and 3

sh /jffs/scripts/VPN_Failover.sh 5 "delay=120" "ignore=1,2,3,4" "verbose" "interval=1200" force minrates=600K,?,600K &

 

[Goobi]

@Martineau i got a couple of quick questions:

1. For the multiconfig option, can I put vpn servers to be used by vpn1/3/5 in the same /jffs/scripts/VPNfailover file? If so, how does it know which servers belong to what vpn client? Is it the first number in each server line?

2. Can I combine other parameters with multiconfig (delay,interval,etc.)?

Thanks!

 

[Martineau]

@Martineau i got a couple of quick questions:

1. For the multiconfig option, can I put vpn servers to be used by vpn1/3/5 in the same /jffs/scripts/VPNfailover file? If so, how does it know which servers belong to what vpn client? Is it the first number in each server line?

Yes

2. Can I combine other parameters with multiconfig (delay,interval,etc.)?

The 'multiconfig' option was designed to be used for basic round-robin selection from a list of OpenVPN servers (i.e. UDP/TCP sockets) provided by the same VPN ISP. (This script feature is now available in the OpenVPN GUI configuration)

The script does not currently support additional configuration directives (although it is possible to modify the script)

So I believe for most users, switching between different VPN configs/providers is best handled without invoking the 'multiconfig' option - although there is then of course a limit of five round-robin entities.

 

[Olivier L]

HEllo
"This script feature is now available in the OpenVPN GUI configuration". I cant see where in the GUI we can specify various servers IP?