I am trying to use multiple remote servers on my openvpn client.
Basically I want openvpn to try the first one (which is an fqdn) and if it cant connect then it should go to the second one (which is an ip address).
From the logs I see that it just keeps trying the first one and never goes to the second one...
is there any option I need to set for it to move on to the second?
So far all I have set is the two "remote" lines (ex):
remote my.fqdn.com 4000
remote 11.11.11.11 4000
For a test I have purposedly set the first remote lineto a non-existing domain in hopes it would fail and move on to the second "remote" entry which did not happen
remote siuhsudf.sdfiuhsdfui.com 4000
remote 11.11.11.11 4000
here is a bit of the logs. as can be seen it does not skip to the second remote entry and just keep retrying the non-existing remote server
Thu May 24 19:39:59 2018 us=429138 RESOLVE: Cannot resolve host address: siuhsudf.sdfiuhsdfui.com: Name or service not known
Thu May 24 19:39:59 2018 us=429208 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:12 ET:0 EL:3 ]
Thu May 24 19:39:59 2018 us=429263 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu May 24 19:39:59 2018 us=429280 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu May 24 19:39:59 2018 us=429336 Local Options hash (VER=V4): '5cb3f8dc'
Thu May 24 19:39:59 2018 us=429358 Expected Remote Options hash (VER=V4): '898ae6c6'
Thu May 24 19:39:59 2018 us=429890 NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Thu May 24 19:39:59 2018 us=429926 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Thu May 24 19:39:59 2018 us=449187 RESOLVE: Cannot resolve host address: siuhsudf.sdfiuhsdfui.com: Name or service not known
Thu May 24 19:39:59 2018 us=449444 TCP/UDP: Closing socket
Thu May 24 19:39:59 2018 us=449522 SIGTERM[soft,init_instance] received, process exiting
here is my full config for reference
##############################################
# client-side OpenVPN config file
# for connecting to multi-client server.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# CLIENT ACCEPTS SERVER OPTIONS
# The client should accept options pushed
# by the server
pull
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote siuhsudf.sdfiuhsdfui.com 4000
remote 11.11.11.11 4000
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp-client
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
# nobind => do not bind
# #nobind => bind
#nobind
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
user nobody
group nogroup
# After initialization, OpenVPN can only
# access a directory
# The directory can be empty
# OpenVPN process limitation
chroot /etc/openvpn/
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-tun
#################################################
# Encryption
#################################################
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
# CA Public Key
ca /root/ca.crt
# Local certificate
cert /root/cert.crt
# Local key
key /root/cert.key
tls-client
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
#comp-lzo
#################################################
# Network
#################################################
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev myvpn
dev-type tun
#################################################
# Logging
#################################################
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/logs//openvpn//myvpn-status.log 20
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log /var/logs//openvpn//myvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
remap-usr1 SIGTERM
connect-retry-max 2
single-session
tls-exit