Question

Dynamic OpenVPN Network with multiple droplets and configurations

Hi there,

The short version:

Is it possible to have dynamic OpenVPN configurations based on the client profile that is connected to it?

The long version:

I was able to successfully set up an OpenVPN server on Ubuntu 16.04 with the help of this awesome tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

I have been using the VPN service with my computer since a couple of days and everything works amazingly well. I am still relatively new to the VPN server world, but I would like to try to improve the setup for my private use.

I followed this tutorial below to set up Pi Hole for DNS based Ad blocking: https://www.cyberciti.biz/faq/ubuntu-linux-install-pi-hole-with-a-openvpn/

This worked also without many issues, almost too well. However, sometimes I would not like to use it. Then I usually connect via SSH and change the DNS “dhcp-option” lines back to Google’s nameservers. This was the first time when I wondered if I could control the OpenVPN configuration based on the client profile that is connected to it? In best case I would have two profiles that utilize different OpenVPN configurations. Is this possible?

Secondly, due to my local internet connection, I noticed that the connection between my computer and the VPN (in another country) is sometimes very slow. It would be amazing if I could create a droplet in a region closer to my location, essentially resulting in this set up.

My computer -> VPN Connection -> Droplet 1 (close to my region) -> VPN Connection -> Droplet 2 (in target region) -> Default or VPN Connection -> Target Service

I assume that I could set up a OpenVPN server and client in Droplet 1 running at the same time. That would create a network as outlined above. But again I have the big question, if I could create multiple client profiles and depending with which profile I connect, I could control if I use the network as outlined above or maybe directly connect with Droplet 1 to the target service. Essentially is it possible to have dynamic OpenVPN configurations based on the client profile that is connected to the service?

With my beginner knowledge, I read that Tinc supports multiple nodes easily, but at the same time many users seem to prefer OpenVPN over Tinc.

In case it is relevant, I come from a web development background (PHP,JavaScript,etc.), but I also know my way around in bash scripting, Java and C++.

Any help, even just links that help me to better understand the possibilities.

Thank you,

Jan


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@hansen sorry for the late reply. I was way to occupied with work the last days. If it helps, we can use Netflix as an example, but actually I am just interested connecting to some of my client’s and my own webservice’s that are blocked from outside Germany or the US. (e.g. (s)FTP connections, etc.)

If you have any suggestions on where to start, I would highly appreciate it.

Thank you.

@hansen,

Thank you very much for all the details. This is great! I think the issue is that I am partly using the VPN in Europe and the US to connect to services that are only available in those countries. With my current setup this is possible, but with a horrible connection in the evenings. That is why I wonder if I can route the traffic through Singapore (or Bangalore) before connecting to the actual second droplet.

At the same time, it would be amazing if I could use the same droplet in Singapore or Bangalore to connect directly to the service of my choice, e.g. when I just want to normally browse the web. In best case I would make the choice by connecting with two different client profiles to the droplet in Singapore (or Bangalore).

Thank you for your help. I really do appreciate it and hate to make things so complicated.

@hanse,

I am located in Thailand at the moment. In the evenings connections to the USA and to Europe become horrible due to a limited bandwidth allowance of the local ISPs. However, I would like to connect to services in the USA and Europe through the VPN service running on the droplets with improved connection stability (stability is more important than latency to me). So I intend to create another droplet in Singapore. Based on my tests connections to Singapore work most of the time great here and then have that droplet connect to either the droplet in the US or in Europe, in best case based on the client profile I connect with.