I have an account with a VPN service provider and I have set up all outbound LAN traffic to use it. I have many VPN client files (.ovpn) that the service provider supplied me. The contents are connection details, including a single IP for the VPN server and cert keys etc. specific to that server.
Therefore, although I have my router connected to a client, I am connected to the same server all the time. I would hope that part of the benefit of using a VPN would be to not be geolocated in the same place all the time.
I would like the router to switch VPN servers periodically but I'm not sure of the best way.
OpenVPN client configs can take a number of IP addresses and you can instruct it to pick one at random, but there is no way of dealing with different keys per IP address afaik.
I could create more clients and switch them manually but I was hoping there would be a more elegant and automated solution.
Does anyone know how to cycle through or randomly select/switch clients or servers where each server has different keys?
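One way to rotate between per-server profiles, as an added example that is not part of any post in this thread: keep each provider-supplied .ovpn file intact (so its server address and keys stay paired) and repoint a symlink at a randomly chosen one. The function names, the directory of profiles and the symlink path are all assumptions; restarting the OpenVPN client afterwards is system-specific and left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names are hypothetical.
# Each .ovpn file carries its own server address and keys, so rotation
# swaps the whole file rather than editing "remote" lines.

# Print a randomly chosen .ovpn file from directory $1, skipping the
# path given in $2 (the profile currently in use). Returns 1 if none.
pick_next_config() {
    dir=$1
    current=$2
    candidates=$(
        for f in "$dir"/*.ovpn; do
            [ -f "$f" ] || continue              # glob matched nothing
            [ "$f" != "$current" ] || continue   # skip the active profile
            printf '%s\n' "$f"
        done
    )
    [ -n "$candidates" ] || return 1
    # Seed from the clock plus the shell PID so two runs within the
    # same second do not pick identically.
    printf '%s\n' "$candidates" | awk -v pid="$$" '
        BEGIN { srand(); srand(srand() + pid) }
        { line[NR] = $0 }
        END { print line[int(rand() * NR) + 1] }'
}

# Repoint symlink $2 at a new profile from directory $1 (use an absolute
# directory path so the link target resolves) and print the new target.
rotate_profile() {
    dir=$1
    link=$2
    current=$(readlink "$link" 2>/dev/null || true)
    next=$(pick_next_config "$dir" "$current") || return 1
    ln -sfn "$next" "$link"
    printf '%s\n' "$next"
}
```

A periodic job (cron, for instance) would call `rotate_profile` with the profile directory and the path the OpenVPN client reads its config from, then restart the client so the new server and keys take effect.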
Thanks, that's what I thought I might do. I do have a couple of questions, not sure if you can help:
Is it normal/best practice to want to cycle through servers? (I only want to protect my privacy from my ISP and any commercial tracking.)
I've set up an interface called vpn_client and a device called tun0, and I've created a firewall zone and forwarding rules (src lan, dest vpn_client). The question is: how does my OpenVPN client know to route through this network interface? I can't see a config setting relating to it anywhere.
The ISP tracking is sufficed by using a VPN, unless they are able to decrypt packages (e.g. middle boxes for TLS version < 1.3).
IP geo tracking is only one of many ways that can be deployed by the remote end points to track a user, and there are other user tracking methods that are much more subtle and more accurate. You might want to consider:
a) many end points are aware of VPN IPs and often deploy (counter) measures like captcha (how many fire hydrants, buses, traffic lights, etc. can you be forced to click before being admitted to the site content)
b) suppose that tracking prevention is meant for foreground apps like a web browser, then it might be better to deploy anti-tracking measures in the app; the more entropy, the less tracking (there are various extensions for various browsers)
c) geo IP can be better confused with header manipulation in the browser (there are various extensions for various browsers)
d) as IP geolocation is often used by vendors to display different prices for the same product, it would be easier/faster and more convenient to change IP with a proxy (extension) in the browser. The proxy traffic would be riding on top of the VPN, if routed accordingly.
It does not unless you specify the route for each client/subnet. See