No announcement yet.

[request] Dynamically adjust tunnel endpoint based on VPN load level threshold

  • Filter
  • Time
  • Show
Clear All
new posts

  • [request] Dynamically adjust tunnel endpoint based on VPN load level threshold

    The Arista/Untangle TunnelVPN could be better. There are public implementations that continuously sample the OpenVPN tunnel load (as provided by the VPN service provider) to adjust the OpenVPN tunnel endpoint to use a less loaded server. NordVPN would probably pay for co-development for partnership or branding rights -- your marketing team will know.

    What's the problem? Why is this needed?
    Arista's Tunnel VPN tunnels die periodically or the service being run over them fails due to lack of tunnel capacity. The VPN service provider (e.g. NordVPN) has multiple clients sharing a server with server loads varying minute-by-minute. If a single server (e.g. at NordVPN) hosting the opposite end of the Arista Tunnel VPN becomes heavily loaded and your service is streaming video to that shared server, then there are dropped frames and eventually dropped connections. In the worst case, the service provider's server hangs and my Arista Tunnel VPN drops the connection. Hopefully the Arista/Untangle TunnelVPN resumes, but often enough it doesn't.

    Having a continouous sample of the service provider's server load (via API) gives an opportunity to reset the Tunnel VPN to use a different service provider endpoint. This is a minor service disruption (a few dropped video frames) vs a service outage.

    The following sample code for the key function using NordVPN as the example:

    . /app/ --source-only
    nordvpn_hostname=$(cat /tmp/nordvpn_hostname)
    server_load=$(curl -s $SERVER_STATS_URL$nordvpn_hostname | jq -r '.[]')
    #Check serverload value is not empty
    if [ -z "$server_load" ];then
        echo "$(adddate) ERROR: No response from NordVPN API to get server load. This check to restart OpenVPN will be ignored."
        exit 1
    #Check serverload with expected load
    if [ $server_load -gt $LOAD ]; then
        echo "$(adddate) WARNING: Load on $nordvpn_hostname is to high! Current load is $server_load and expected is $LOAD"
        echo "$(adddate) WARNING: OpenVPN will be restarted!"
        pgrep openvpn | xargs kill -15
        echo "$(adddate) INFO: The current load of $server_load on $nordvpn_hostname is okay"
    Stepping back, the complete implementation is available here as a docker implementation to provide the complete context. Feel free to experiment and play with it to adapt what is needed for an improved Arista/Untangle TunnelVPN.

    A huge thank you when implemented on Arista/Untangle.

  • #2
    Thanks. Would be nice but would need to work for other vpn's too. Would be best to do it as a plugin. But that will probably never happen. There is a feature request page. If it gets 1000 likes they might think about it. If it is not too hard.

    Sorry to burst the bubble.