We have three scenarios we need to test:

  • NoVPN: If your machine’s IP address is in the high range – ending in .209 through .253 –  you should go straight out
  • VPNSerial : if your machine’s IP is in the VPNSerial group / alias, that machine will only use a single channel at a time
  • Default Spread Spectrum VPN: If your machine is neither in the high range nor the VPNSerial group, you should go out multiple channels at the same time OR constantly get a different IP address each time you check.

No VPN

Test conditions:

  • Change your computer’s IP address to something ending in .209 through .253.  In this example, we’ll use 10.10.0.210 .
 

 

Success: if the IP address you see matches the firewall’s external interface (Status -> Dashboard -> Interfaces: WAN ) then it’s working properly.

Troubleshooting:

  • Ensure your IP’s really changed.  In Windows, go to Start -> Run -> cmd . In that DOS box, type “ipconfig” and check your IPv4 address.
  • Confirm your NoVPN alias in Firewall -> Aliases, make sure it’s set to /28
  • Confirm the use of that alias in Firewall -> NAT -> Outbound : is it listed?
  • Confirm the use of that aliases in Firewall -> Rules -> LAN : Does the line with a source of NoVPN go to the WAN gateway?

One channel at a time – VPNSerial

Test conditions:

  • Update the VPNSerial alias (Firewall -> Aliases : IP ) group and make sure it has an appropriate IP address.  In this example, we’ll use 10.10.0.50 .
  • Change your computer’s IP address to 10.10.0.50 .
 
 Point any web browser to https://www.whatismyip.com OR just google “What is my ipv4 address” .  After testing above, you may need to close your browser, launch in In Private / Incognito mode (which doesn’t store cookies) or otherwise start a new session.

 

Success: if the IP address you see is always the same IP but is NOT the same address as your WAN address above, you know you’re good.

To confirm, you can disable the first VPN route (VPN -> OpenVPN -> Clients. Edit a connection, select Disabled at top, then save), you should automatically switch to the next VPN in the chain such that your IP address changes to something new, but stays there.  Don’t forget to re-enable the disabled VPN channel when done testing.

Troubleshooting:

  • Ensure your IP’s really changed.  In Windows, go to Start -> Run -> cmd . In that DOS box, type “ipconfig” and check your IPv4 address.
  • Confirm the VPNSerial alias in Firewall -> Aliases, make sure it contains the same address as the machine you’re testing with.
  • Review the routes (System -> Routing : Gateways AND Gatway Groups )
  • Confirm the use of that alias in Firewall -> NAT -> Outbound : is it listed?
  • Confirm the use of that aliases in Firewall -> Rules -> LAN : Does VPNSerial go to gateway VPNSerialGroup?
  • Go to Status -> Gateways and see if any OpenVPN channels are Offline or Pending.  If so, troubleshoot those.  If not, ensure each Gateway Name is properly listed in the above routes
  • Go to Status -> Gateways : Gateway Groups . Anything red won’t route traffic.  If something red is listed as a Level 1 gateway, you won’t get anywhere.  Either change the Level to something that’s up or troubleshoot that VPN connection.

Spread Spectrum

Test conditions:

  • Change your computer’s IP address to 10.10.0.5; something not in either NoVPN or VPNSerial groups .
 
 Point any web browser to https://www.whatismyip.com OR just google “What is my ipv4 address” .  After testing above, you may need to close your browser, launch in In Private / Incognito mode (which doesn’t store cookies) or otherwise start a new session.

 

Success: if the IP address you see keeps changing: you update the window or open another browser and make the same request, each time you get a different IP address.  

Success 2: Your IP should not just change, but each VPN channel should have traffic when downloading something large.  Confirm this is the case by going to Status -> Dashboard and adding a new Traffic Graph widget.  This will show the present traffic on each interface.  Keeping that browser open, run a new instance (CNTL-N, or open a separate browser such that if you have the firewall in Chrome, open Firefox) and then download something large.  If you use Steam, you can update your games to find that your bandwidth has increased, games download faster and more smoothly and that all OpenVPN interfaces are in use at the same time.  Do note : the AMOUNT of use per channel won’t be the same, ie, 3mb/sec over every VPN.  Some VPN’s will have 1, some 5, some 3… the firewall is automatically determining what traffic to optimally put where.

Troubleshooting:

  • (I’m assuming the above tests all worked in situ and this is the last test)
  • Ensure your IP’s really changed.  In Windows, go to Start -> Run -> cmd . In that DOS box, type “ipconfig” and check your IPv4 address.
  • Go to Status -> OpenVPN .  Look at each client and ensure you have a VIrtual address and that there are bytes sent and received over that connection.  If not, troubleshoot the affected OpenVPN connections.
  • Review the routes (System -> Routing : Gateways AND Gatway Groups )
  • Go to Status -> Gateways and see if any OpenVPN channels are Offline or Pending.  If so, troubleshoot those.  If not, ensure each Gateway Name is properly listed in the above routes
  • Go to Status -> Gateways : Gateway Groups . Anything red won’t route traffic, troubleshoot each non-green connection.

Next in the series is a quick checklist that will help you maintain these connections over time, as your VPN provider adds/removes servers.

Leave A Reply