How To Prepare VPN VLAN for Upgrade

by Rian

In my previous post on how to setup VPN VLAN, I discussed the methodology of setting one for the first time. Now that it’s near Black Friday of 2024, some of the VPN providers have already started pre Black Friday sale in October. No doubt consumers are shopping for which service is right for their needs, and which one is the most affordable; it also means, you might be switching the provider entirely.

Preface

In my experience with the upgrade, there were two immediate problems. One, the providers do not necessarily disclose what applications are blocked on their VPN network. For example, some providers block BitTorrent or Tor traffic on their network. While both technologies are known for other infamous usage, they can be used within the ethical and legal guidelines; technology itself is neutral. But if the VPN does not allow such traffic, you may want to look for alternative providers.

The more technical issue on hand is protocol availability and compatibility. Most VPN providers only offer GUI version of their app on Windows, macOS, and perhaps for smartphones. Either the providers don’t offer Linux app at all, or the CLI apps offered for Linux distros are not well maintained. But with the proprietary protocols some of the providers are known for, (e.g. Lightway from ExpressVPN, NordLynx from NordVPN) one may wish to use these apps for the exclusively available protocols. However, my experience with the VPN apps offered by the providers tells me they are often unreliable or unsuitable for the purpose of creating a VLAN.

Which leaves us with OpenVPN and WireGuard, but WireGuard is simply not an option. Most VPN providers do not support manual WireGuard connections, (i.e. only their apps offer WireGuard capability), and since OpenVPN is not only tried and trusted by many, there are other resources available for OpenVPN.

Instructions

First, let us assume you are using OpenVPN client by following the previous post. This allows us to simply switch the .ovpn file that the client is using upon the start up. The new file must be from the provider of your choice, (or the new server of your choice) and you will need a separate OpenVPN authentications (likely a username and a password pair) updated in the login as well.

1. Via terminal, disable currently running OpenVPN client service: sudo systemctl stop openvpn-client@[openvpn-config]
2. Now simply replace the config file with the new one, (same name) and the login file with the new one (ditto).
3. Restart the OpenVPN client: sudo systemctl restart openvpn-client@[openvpn-config]
4. (opt.) If you are running additional proxy servers, such as dante, it may need to be restarted as well.