OpenVPN use another port if default is blocked


I have two OpenVPN servers listening on two different ports. The first one, which the client should try to connect to, is listening on the default port 1194 UDP. The second one, used if networks have a firewall, is listening on port 443 via TCP.

How to configure the client file correctly if:

  1. The client should try the faster 1194 UDP server first and
  2. if port 1194 is blocked, switch to server 2 with port 443 over TCP after 5 seconds.

Currently I've added the following lines to my client config, but the client only switches to server 2 after 2 minutes with the error:

    TCP: connect to [AF_INET]SERVERIP:1194 failed: Unknown error

My current lines in the config:

    remote serverip1 1194
    remote serverip2 443
    keepalive 2 6
    resolv-retry 2

How to make this timeout shorter?

Best Answer

You also forgot to define the protocol with the port. It should look similar to:

    remote serverip1 1194 udp
    connect-timeout 5
    remote serverip2 443 tcp
    keepalive 2 6
    resolv-retry 2

server-poll-timeout / connect-timeout has a default of 120s, which is the time you are facing. The informational line about giving up on the connection and trying another one will most probably appear in the log, but it would try another connection definition... Are you sure 5s is enough for you?

Please note that there would also be other options. I focused on the core of the question and updated the part of the config you provided...

For more detail see, e.g., the OpenVPN 2.4 man page.
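
As an added example (not part of the original question or answer), the Python below resolves which protocol and connect timeout each `remote` line ends up with, run against the two configs shown on this page. The function names are hypothetical, and the parsing is simplified: it assumes only global `proto` and `connect-timeout` / `server-poll-timeout`, no `<connection>` blocks, and port 1194 when a `remote` line names none.

```python
# Added example, not from the original post: resolve what each `remote` line in
# an OpenVPN client config ends up using, and flag slow or ambiguous fallback.
DEFAULT_PROTO = "udp"    # used when neither the remote line nor `proto` names one
DEFAULT_TIMEOUT = 120    # seconds; the default the answer cites

QUESTION_CONFIG = """\
remote serverip1 1194
remote serverip2 443
keepalive 2 6
resolv-retry 2
"""
ANSWER_CONFIG = """\
remote serverip1 1194 udp
connect-timeout 5
remote serverip2 443 tcp
keepalive 2 6
resolv-retry 2
"""

def resolve_remotes(config_text):
    """Return one dict per `remote` line with its effective settings."""
    proto, timeout, remotes = None, None, []
    for raw in config_text.splitlines():
        # Drop `#` and `;` comments, then split into directive and arguments.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "proto" and args:
            proto = args[0]
        elif key in ("connect-timeout", "server-poll-timeout") and args:
            timeout = int(args[0])
        elif key == "remote" and args:
            remotes.append({"host": args[0],
                            "port": int(args[1]) if len(args) > 1 else 1194,
                            "proto": args[2] if len(args) > 2 else None})
    for r in remotes:
        r["explicit_proto"] = r["proto"] is not None
        r["proto"] = r["proto"] or proto or DEFAULT_PROTO
        r["timeout"] = DEFAULT_TIMEOUT if timeout is None else timeout
    return remotes

def findings(config_text, max_wait=5):
    """List the problems that delay or break fallback to the next remote."""
    out = []
    for r in resolve_remotes(config_text):
        if not r["explicit_proto"]:
            out.append(f"{r['host']}:{r['port']} has no protocol, falls back to {r['proto']}")
        if r["timeout"] > max_wait:
            out.append(f"{r['host']}:{r['port']} waits {r['timeout']}s before the next remote")
    return out
```

Calling `findings(QUESTION_CONFIG)` reports both remotes as lacking a protocol and waiting 120s, while `findings(ANSWER_CONFIG)` returns an empty list.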