How to Simultaneously Connect Multiple OpenVPN Clients on Windows 7 for Multi-Server Access


1 views

Working remotely often requires accessing multiple servers through different VPNs. Constantly switching between OpenVPN connections disrupts workflow efficiency. Here's how to maintain simultaneous connections to 3-4 VPNs on Windows 7 with a single NIC.

Windows allows creating multiple virtual TAP adapters - one for each VPN connection. The key is proper configuration of:

# Sample OpenVPN config for secondary connection
client
dev tap2
proto udp
remote vpn2.example.com 1194
route-nopull
route 192.168.2.0 255.255.255.0

1. Install Multiple TAP Adapters:

# From command prompt (admin):
"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0902

2. Configure Individual .ovpn Files:

# First VPN (primary)
dev tap
proto udp
remote vpn1.example.com 1194

# Second VPN 
dev tap2
proto udp
remote vpn2.example.com 1194
route-nopull
route 10.8.0.0 255.255.255.0

To prevent routing conflicts, manually specify networks for each VPN:

# Route commands for second VPN
route add 10.8.0.0 mask 255.255.255.0 10.8.0.5
route add 192.168.1.0 mask 255.255.255.0 10.8.0.5

Create a batch file to automate connection sequence:

@echo off
start "" "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect config1.ovpn
timeout 10
start "" "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect config2.ovpn
timeout 10
route print > current_routes.txt

DNS Conflicts: Configure DNS servers per connection using:

dhcp-option DNS 8.8.8.8
register-dns

Adapter Priority: Adjust metric values in network adapter settings to control traffic flow priority.

When running multiple VPNs:

  • Disable IPv6 on all TAP adapters
  • Enable firewall rules for each VPN interface
  • Monitor routing tables for leaks

For advanced users, consider using Windows namespace isolation:

# PowerShell commands
New-NetNamespace -Name VPN1
Add-NetNamespaceMember -Name VPN1 -InterfaceAlias "Ethernet 2"

When working with multiple remote servers that each require VPN access, constantly switching between OpenVPN connections becomes inefficient. The fundamental issue lies in Windows 7's network stack limitations and how OpenVPN typically handles routing tables.

Three primary obstacles emerge when attempting simultaneous VPN connections:

  1. Default gateway conflicts when multiple VPNs attempt to modify routing tables
  2. Potential IP address range overlap between different VPN networks
  3. Windows 7's single default route limitation for network interfaces

The solution involves creating separate routing policies for each VPN while preventing route conflicts. Here's the step-by-step approach:

1. Configuring Separate TAP Adapters

First, install multiple TAP adapters by running the OpenVPN installer multiple times:

openvpn-install-2.4.12-I602.exe /SELECT_TAP=1

Verify installation in Device Manager under "Network adapters" - you should see multiple "TAP-Windows Adapter V9" entries.

2. Configuring Individual VPN Profiles

For each VPN connection, create a separate .ovpn file with these critical modifications:

dev tap0  # or tap1, tap2 for subsequent connections
route-noexec
script-security 2
route-up "C:\\path\\to\\route_script.bat"

3. Route Management Script

Create a batch script (route_script.bat) to handle route additions dynamically:

@echo off
set VPN_NETWORK=%1
set VPN_GATEWAY=%2

route delete %VPN_NETWORK%
route -p add %VPN_NETWORK% mask 255.255.255.0 %VPN_GATEWAY% metric 2

When dealing with overlapping IP ranges across VPNs, consider these additional measures:

Namespace Separation

For Linux-like environments, network namespaces would be ideal, but on Windows 7 we can simulate this with:

start /MIN openvpn --config client1.ovpn
start /MIN openvpn --config client2.ovpn

Advanced Routing Example

For a server at 192.168.1.100 accessible via VPN2 (tap1), add a specific host route:

route add 192.168.1.100 mask 255.255.255.255 10.8.0.1 if 15

Where 'if 15' corresponds to tap1's interface index (find this using route print).

Implement these checks to ensure stable multi-VPN operation:

  • Regularly verify routes with route print
  • Check for DNS leaks using each VPN's IP
  • Monitor interface metrics with netsh interface ipv4 show interfaces