VPN Bonding

From BE Usergroup Technotes
Revision as of 19:39, 11 May 2009 by Drsox (Talk | contribs)


Does your server in <Insert data center name here> have a spare IP (or two, if you don't want double NAT), and can it run VMware Server?

If so, the server side is sorted.

Secondly, do you have a machine in your house that can run another VMware virtual machine to do the VPN bonding?

You then need a "load balancer" (another machine running pfSense or ZeroShell) to split the two VPN streams down each line [so that machine needs two NICs].

That's the most challenging part; the rest is configuration, which is easy now that I can tell you what I did ;)

My setup is based on ZeroShell.

Setup of the Server and prerequisites

First off, get two ZeroShells running and passing traffic via something that can direct traffic for specific destination ports down two different lines, for example pfSense.
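The "load balancer" step above is done in the pfSense or ZeroShell GUI; the page gives no command-line detail. The script below is an added example, not from the original page or from either project, showing the Linux policy-routing equivalent: each VPN stream is recognised by its UDP destination port, marked, and routed out of a different line. Interface names, gateway addresses and the two port numbers (1194 and 1195) are placeholders I have assumed, since the page does not state which ports the two ZeroShell tunnels use. With DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: split two VPN tunnels across two uplinks by destination port.
# Assumed (hypothetical) topology: line A is eth1 with gateway 192.0.2.1,
# line B is eth2 with gateway 198.51.100.1; tunnel 1 uses UDP/1194 and
# tunnel 2 uses UDP/1195. None of these values come from the original page.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it (needs root).
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# split_vpn_streams WAN_A_IF WAN_A_GW VPN_A_PORT WAN_B_IF WAN_B_GW VPN_B_PORT
split_vpn_streams() {
  wan_a_if=$1; wan_a_gw=$2; vpn_a_port=$3
  wan_b_if=$4; wan_b_gw=$5; vpn_b_port=$6

  # One routing table per uplink, each with its own default route.
  run ip route replace default via "$wan_a_gw" dev "$wan_a_if" table 101
  run ip route replace default via "$wan_b_gw" dev "$wan_b_if" table 102

  # Mark forwarded packets of each tunnel by UDP destination port.
  run iptables -t mangle -A PREROUTING -p udp --dport "$vpn_a_port" -j MARK --set-mark 1
  run iptables -t mangle -A PREROUTING -p udp --dport "$vpn_b_port" -j MARK --set-mark 2

  # Marked packets are looked up in the table of "their" uplink.
  run ip rule add fwmark 1 table 101
  run ip rule add fwmark 2 table 102

  # Source NAT per uplink so the server's replies return down the same line.
  run iptables -t nat -A POSTROUTING -o "$wan_a_if" -j MASQUERADE
  run iptables -t nat -A POSTROUTING -o "$wan_b_if" -j MASQUERADE
}

# Stand-alone run: prints the plan (DRY_RUN=1) or applies it (DRY_RUN=0 as root).
split_vpn_streams eth1 192.0.2.1 1194 eth2 198.51.100.1 1195
```

The marks are set in PREROUTING because, in the page's layout, the tunnels originate on the house ZeroShell VM and pass through the balancer; if the tunnels terminated on the balancer itself the same MARK rules would go in the OUTPUT chain instead.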

Add two VPNs on your server without IPs assigned to them:

Farend3.png

Farend4.png

Make sure you BOND them! Go to the Setup --> Network section, click Create New Bond and select the two VPNs.

At this stage you may want to add an IP address to the BOND, or do as I did: I BRIDGED my bond with the server's ethernet so I could have a public IP at my house via the VPN. However, you could skip this step and do double NAT, or bridge at the "house" end so your server is an extension of your LAN:

Farend1.png

In my case (as the server does not do the NATing and my VPN has a public IP) I do not need NAT on:

Farend2.png

Setup of the Client (server in your house)

Add the two VPN connections again, but this time as clients:

Nearend5.png

Nearend6.png

Then add them to a BOND and add an IP address to it (for my use, this was the public IP address I was to assume at my datacenter):

Nearend1.png

Enable NAT on the interface:

Nearend2.png

Add DNS Forwarder servers under the DNS section on the left:

Nearend4.png

Enable the Net Balancer option and add the default gateway (in my case the datacenter's gateway IP, or alternatively the IP of your server ZeroShell [and make sure NAT is enabled on the server too!]):

Nearend7.png

Go into the Net Balancer rules and make sure that you send all traffic down the VPN tunnel, other than anything you want to NOT go down the VPN (see my other rules to force it via my normal router):

Nearend8.png

Here is an example of the port forwarding setup I have too:

Nearend3.png
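Both halves of the procedure above (server: bond the two VPNs and bridge the bond with the ethernet; client: bond, assign the public IP, enable NAT and point the default route into the tunnel) are done in the ZeroShell GUI. As an added example, not from the page or from ZeroShell, here is the plain-Linux equivalent of those steps, on the assumption that ZeroShell's VPN bond is a Linux bonding device over two OpenVPN TAP interfaces in round-robin mode. Interface names, the bond IP, the gateway and the LAN prefix are placeholders I have chosen; nothing printed by the script is applied unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example: Linux equivalent of the ZeroShell bond / bridge / NAT steps.
# Assumptions (not stated on the page): the two VPNs appear as TAP interfaces
# tap0 and tap1; the bond is round-robin; all addresses are placeholders.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it (needs root).
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Bond two TAP interfaces into BOND. Slaves must be down before enslaving.
make_vpn_bond() {
  bond=$1; tap_a=$2; tap_b=$3
  run ip link add "$bond" type bond mode balance-rr
  run ip link set "$tap_a" down
  run ip link set "$tap_b" down
  run ip link set "$tap_a" master "$bond"
  run ip link set "$tap_b" master "$bond"
}

# Server side: bond the VPNs, then bridge the bond with the server's ethernet
# so the house end can carry a public IP through the tunnel (no NAT here).
# server_bond_and_bridge BOND TAP_A TAP_B LAN_IF BRIDGE
server_bond_and_bridge() {
  make_vpn_bond "$1" "$2" "$3"
  lan_if=$4; br=$5
  run ip link set "$1" up
  run ip link add "$br" type bridge
  run ip link set "$1" master "$br"
  run ip link set "$lan_if" master "$br"
  run ip link set "$br" up
}

# Client (house) side: bond the VPNs, give the bond the public IP, NAT the
# house LAN behind it, and send everything down the tunnel by default.
# client_bond_nat_default BOND TAP_A TAP_B BOND_IP/PREFIX GATEWAY LAN_NET
client_bond_nat_default() {
  make_vpn_bond "$1" "$2" "$3"
  bond_ip=$4; gw=$5; lan_net=$6
  run ip addr add "$bond_ip" dev "$1"
  run ip link set "$1" up
  run iptables -t nat -A POSTROUTING -s "$lan_net" -o "$1" -j MASQUERADE
  run ip route replace default via "$gw" dev "$1"
}

# Stand-alone run: print the plan for both ends (placeholder values).
echo "# server"
server_bond_and_bridge bond0 tap0 tap1 eth0 br0
echo "# client"
client_bond_nat_default bond0 tap0 tap1 203.0.113.10/24 203.0.113.1 192.168.1.0/24
```

Traffic that should bypass the tunnel (the page's "other rules" that force it via the normal router) would be expressed here as more specific routes or `ip rule` entries evaluated before the default route on the bond.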
