A way to connect to 20+ VPNs Simultaneously

Does anyone know of a means to connect to around 20 VPN servers simultaneously?

We have multiple systems that all use an OpenVPN server for remote access. These are all over the country and aren’t all for the same client and as such every single one needs to have a separate VPN.

We’d like to create a board that brings live data from all these for monitoring purposes and as such it would need to obtain live data from them.
Does anyone know of a means to achieve this?

You’re looking for monitoring and data, NOT connectivity. Don’t do this at all, you don’t want the hassle of setting it up with all the security it requires or even in the case of removing a customer from this setup. You are not even talking about managing all in one interface or app.

You just need Zabbix, its agents and proxies set up.

One other concern besides having a huge network easily accessible is, do you have permission from all your clients to create this setup?

Connect to every VPN in a separate OpenVPN process, but do not set default gw…

Now use ip route tables to get out on every VPN you wish.

When your clients get breached (not if), your company will be held liable for the damages to every other client that gets hacked because you created an insecure, non-filtering open hole between all of them. You said you got permission, but did you have an engineer write up all the risks and your clients explicitly approve those? Did you have an attorney write up a contract explaining liability of this for your clients to sign? Did you clear this with your and your clients’ cyber insurance? Because this violates every cyber liability policy ever written.

DON’T DO THIS. Get a software and experienced network professional to give you advice on how to use other tools to accomplish your goals.

OpenVPN GUI for Windows, Tunnelblick for macOS, OpenVPN2 or OpenVPN3 for Linux, all support connecting to multiple servers at the same time.

If you don’t immediately understand how to do this, you’re not going to understand why it’s a bad idea.

Viable solution if you configure iptables correctly. https://iptablesgenerator.totalbits.com/

OPNsense with enough CPU power should be fine. Used it for a long time to port forward & route through VPN, and it did work fine for 4 years.

We have permission as we’re responsible for maintaining our portion of the system.

Correct with regards to not needing connectivity. As such, I’ll take a look at zabbix; it’s all a brainstorm at the moment anyway.

Do you know of any in particular, as the ones we’ve tried only allow a single VPN connection at a time?

Great. The question sounded very scary from a security point of view. Besides, you may want to monitor and even use other types of VPNs like WireGuard and even more. So Zabbix is a possible answer.

```
# Install OpenVPN on Ubuntu.
# Obtain the 20 configuration files.
# Configure OpenVPN connections: client1.conf, client2.conf, client3.conf
# Start each OpenVPN connection.
# Configure a local network.
sudo sysctl -w net.ipv4.ip_forward=1

# Add the following to /etc/sysctl.conf:
#   net.ipv4.ip_forward=1

# Use iptables to route traffic from local/internal to the appropriate OpenVPN connection.
sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun1 -j MASQUERADE
```

OPNsense (and probably pfSense) can do this. I’ve got multiple VPN client connections going, and it has the client built in. You just have to configure each endpoint, and set up your route rules.

It’s actually pretty nice how they have things set up now to do something like this.

FYI, this is a security nightmare.

You’re creating a way for hackers who compromise one of your clients to be able to reach your other 19 client networks.

You are way, way, WAY out of your league, and you should stop what you’re doing immediately.

And he will be held fully liable for the full damages of every company. This is not advised by any security practice. DON’T DO THIS. There are better ways out there to monitor and get live data.
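
The steps posted above turn on `net.ipv4.ip_forward` and add NAT rules but no FORWARD filtering, which is the open path between client networks that several replies warn about. The sketch below is an added example, not code from any poster: it prints (without applying) iptables commands that keep forwarding one-way, from the monitoring LAN into each tunnel. The function name `gen_forward_rules`, the `LAN_IF` default `eth0` and the tunnel names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# it does not change the running firewall itself.
LAN_IF="${LAN_IF:-eth0}"              # assumption: LAN-facing interface name
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # subnet used in the thread's NAT rules

gen_forward_rules() {
    # Arguments: tunnel interface names, e.g. tun0 tun1 ... tun19
    [ "$#" -gt 0 ] || { echo "usage: gen_forward_rules TUN_IF..." >&2; return 1; }
    # Validate every name first so a bad argument produces no partial output.
    for t in "$@"; do
        case "$t" in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface name: $t" >&2; return 1 ;;
        esac
    done
    # Anything not explicitly accepted below is not forwarded.
    echo "iptables -P FORWARD DROP"
    for t in "$@"; do
        # Nothing arriving on a client tunnel may open a forwarded connection,
        # whether toward another client's tunnel or toward the LAN.
        echo "iptables -A FORWARD -i $t -m conntrack --ctstate NEW -j DROP"
    done
    # Replies to connections the monitoring LAN opened are allowed back.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for t in "$@"; do
        # Only the monitoring LAN may start a connection into a tunnel.
        echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $t -m conntrack --ctstate NEW -j ACCEPT"
    done
}
```

The MASQUERADE rules from the thread live in the nat table and are still needed alongside these filter rules; review the printed commands before running them as root.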