Often your VPN provider will change servers, bringing some down and bringing up faster ones that can perform better.  Using the Python script in the code library, you can quickly test different servers and see if the ones you’re using are still the best.

You’ll need to remove old servers and add new ones, but as you’ve seen there are a lot of places to check.  Here’s a checklist:

clean up old
    remove old outbound NATs (try to leave one for copying)
    remove old routes
    remove ovpn ID’s
    set routing groups to never use old interfaces
    assign interfaces and delete old
 
install new
    install all new certificates
    set up ovpn profiles for each
        add new client
        p2p, ssl/tls
        tcp
        tun over WAN
        set IP
        set port, 443
        name (nord536tcp – nord<no>tcp)
        username/pw : [email protected] w/pw (1passwd)
        enable tls auth, don’t automatically generate a key, provide the one in the config
        set peer cert authority (the one you imported above)
        set crypto / sha parameters per config file
        compression : enabled, adaptive
        don’t route IPv6
        provide custom options per below:
 
resolv-retry infinite;remote-random;tun-mtu 1500;tun-mtu-extra 32;mssfix 1450;persist-key;persist-tun;reneg-sec 0;remote-cert-tls server;sndbuf 524288 ;rcvbuf 524288
 
 
    confirm they’re all good (status : openvpn)
    add new interfaces
        interfaces -> assign
            select new port, then add.
            click on name to rename to nord<num>int , ie, nord534int
            click enable up top, then save
 
    shape new interfaces (system – interfaces)
        can’t rename interface names from here, unfortunately.
        set a monitor IP.  Note that this isn’t checked from the local gateway, it’s from a VPN datacenter
        weight : 1
        probe interval : 1000
        alert interval : 2000
        Monitor IP options : free DNS servers are good, such as opennicproject.org. freedns and dns.watch
 
    add to gateway groups (fallthrough and distributed)
        you may have to reboot before these show and test correctly
 
    set new outbound routes (firewall – NAT – Outbound)
        much easier if you copy an existing, otherwise:
             set the interface
             protocol : any
             source : network : 10.11.0.0/16
             translation address : interface address
             description : out vpn
 
     reboot firewall
Leave A Reply