Feature Request: Select <connection> block in Tunnelblick UI

Eric Crist

Sep 14, 2021, 3:55:47 PM
to tunnelblick-discuss
We utilize some other VPN tools that allow our users to select different sites for a single VPN (i.e. GlobalProtect).  Selecting one site will disconnect from one site and connect to the selected site.

With Tunnelblick, we can create multiple configurations, but they can be connected simultaneously.

I have ideas on how this can be done, but just wanted to float this out there now for thoughts.

Eric

Tunnelblick developer

Sep 14, 2021, 5:04:49 PM
to tunnelblick-discuss
Do you mean:

When you connect configuration B
and configuration A is already connected
and A and B are associated with each other in a group,
then Tunnelblick should disconnect A first, then connect B?

That wouldn't be too hard if we specify that the association must be that they are in the same folder (see Arrange Configurations in a Folder Hierarchy).

(The downside is that it could give users a false sense of security. They may not know that from the time the first VPN is disconnected until the second VPN is connected, traffic will not be going through a VPN.)

Eric Crist

Sep 15, 2021, 9:13:12 AM
to tunnelblick-discuss
Yes, your workflow matches what I'm suggesting.

Palo Alto GlobalProtect already kinda does this, as does MS DirectAccess.  You connect to a "portal" and that portal can have multiple gateways.  In our situation we have data centers in Minnesota and New York, with multiple endpoints/gateways in each data center on diverse carriers.  If one has issues or is performing poorly for a given user or set of users, we currently suggest they switch to another endpoint/gateway.

They are already accustomed to losing their VPN connection during the transition of disconnect -> reconnect.

You could do this within folders, or we could use <connection> blocks within a single configuration with some agreed upon comment like:

<connection>
#tb: New York 1
remote x.x.x.x 1194 udp
</connection>
<connection>
#tb: Minnesota 1
remote y.y.y.y 1194 udp
</connection>
...

And so on.

There is a related feature, if this were implemented, that could be useful.  In the case of PA GlobalProtect, they provide a "best server" option where, when selected, the client performs a quick analysis using ping and traceroute to figure out which server/gateway is closest or fastest, and connects to that one.
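
The `#tb:` label convention proposed in the post above, worked through as an added example (not part of the thread and not Tunnelblick code): the hypothetical helpers `split_config` and `config_for` parse labelled `<connection>` blocks and emit a configuration that contains only the selected site. The sample addresses are constructed placeholders from documentation ranges.

```python
import re
# Constructed sample config using the "#tb:" label convention proposed in the
# thread; addresses are documentation-range placeholders, not real gateways.
SAMPLE = """\
client
<connection>
#tb: New York 1
remote 192.0.2.10 1194 udp
</connection>
<connection>
#tb: Minnesota 1
remote 198.51.100.20 1194 udp
</connection>
verb 3
"""

LABEL = re.compile(r"^#tb:\s*(\S.*)$")  # hypothetical label comment, e.g. "#tb: New York 1"

def split_config(text):
    """Return (common_lines, {label: block_lines}); raise ValueError on malformed input."""
    common, sites, block = [], {}, None
    for n, line in enumerate(text.splitlines(), 1):
        tag = line.strip()
        if tag == "<connection>":
            if block is not None:
                raise ValueError(f"line {n}: nested <connection>")
            block = []
        elif tag == "</connection>":
            if block is None:
                raise ValueError(f"line {n}: </connection> without opening tag")
            labels = [m.group(1) for m in map(LABEL.match, map(str.strip, block)) if m]
            if len(labels) != 1 or labels[0] in sites:
                raise ValueError(f"line {n}: block needs exactly one unique #tb: label")
            sites[labels[0]] = block
            block = None
        elif block is not None:
            block.append(line)      # line inside a <connection> block
        else:
            common.append(line)     # option shared by every site
    if block is not None:
        raise ValueError("unterminated <connection> block")
    return common, sites

def config_for(text, label):
    """Build a config that keeps only the chosen site's block, so no other block remains to be tried."""
    common, sites = split_config(text)
    if label not in sites:
        raise ValueError(f"unknown site {label!r}; choices: {sorted(sites)}")
    return "\n".join(common + ["<connection>", *sites[label], "</connection>"]) + "\n"
```
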