VPN Bonding

From BE Usergroup Technotes
Revision as of 15:06, 16 August 2010 by 123.236.244.57 (Talk)


Do you have two BE (or other ISP!) lines and wish to merge them so they appear like just one?

Does your server in <Insert data center name here> have a spare IP available (or two, if you don't want double NAT), and can it run VMware Server?

If so, that's the server side sorted.

Secondly, do you have a machine or ALIX box in your house that can run another VMware virtual machine to do the VPN bonding?

You then (may) need a "load balancer" (another machine running pfSense or ZeroShell) to split the two VPN streams down each line, so that machine needs two NICs. There are two things I could have done to avoid the need for a pfSense box: use an internal IP for the VPN's public IP, or use two IPs for the VPN server. See my notes at the end about subnets and my own requirements.

That's the most challenging part; the rest is configuration, which is easy now that I can tell you what I did ;)

My setup is based on ZeroShell.


Setup of the Client (server in your house)

Add the two VPN connections again, but this time as clients:

Nearend5.png

Nearend6.png

Then add them to a BOND and add an IP address to it (for my use, this was the public IP address I was to assume at my datacenter):

Nearend1.png

Enable NAT on the interface:

Nearend2.png

Add DNS forwarder servers under the DNS section on the left:

Nearend4.png

Enable the Net Balancer option and add the default gateway (in my case the datacenter's gateway IP; otherwise the IP of your ZeroShell server [and make sure NAT is enabled on the server too!]):

Nearend7.png

Go into the Net Balancer rules and make sure that you send all traffic down the VPN tunnel, other than anything you want NOT to go down the VPN (see my other rules to force it via my normal router):

Nearend8.png

Here is an example of the port-forwarding setup I have too:

Nearend3.png

Splitting the traffic down two BE lines

EDIT: I have since removed pfSense and purchased a second IP for my ZeroShell server at my datacentre, so I now only have one box (my ZeroShell router) at home! However, it appears that for some reason it will only send the traffic down different gateways when the VPN type is set to TCP. When set to UDP it appears to send both streams down one WAN! Keep an eye out for that problem!

PREVIOUSLY: Due to the way I wanted my VPN to have a public IP, and the fact that the IP the ZeroShell box would get is within the SAME subnet as the VPN server it needed to connect to, I couldn't tell ZeroShell how to connect without a static route. A static route is fixed to one WAN, so I then lost the whole point: using both my lines! I did not want to use TWO IPs for the VPN server with two static routes, generally because I have a limited number of IPs I can use at my datacenter.

So I have to use another box, a dual-WAN pfSense box, to split the traffic down both my Be* lines:

Splitter1.png
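To make the subnet problem above concrete, here is an added example (not from this page or from ZeroShell) that models the route lookup the home box performs for the outer VPN packets: with the bonded interface holding an IP in the same subnet as the VPN server, the tunnel's own transport resolves to the bond (a loop); one host route fixes the loop but pins both tunnels to one WAN; a second server IP with its own host route restores the balancing. Interface names and addresses are constructed placeholders, not the author's.

```python
# Added example: a tiny longest-prefix route lookup that models the
# "same subnet as the VPN server" routing problem. All addresses are
# constructed documentation ranges; wan1/wan2/bond0 are assumed names.
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match. routes: list of (prefix, egress) tuples."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None

def tunnel_egress(routes, endpoints):
    """Egress interface for the outer (encapsulating) packets of each tunnel."""
    return [(ep, lookup(routes, ep)) for ep in endpoints]

def looped(egress, bond="bond0"):
    """Tunnels whose transport would route back into the bond: a routing loop."""
    return [ep for ep, via in egress if via == bond]

def balanced(egress, bond="bond0"):
    """True only if the tunnels leave via at least two distinct real WANs."""
    return len({via for _, via in egress if via != bond}) >= 2

# Home box: two lines (wan1, wan2); bond0 carries the datacenter public IP
# 203.0.113.10/24 and is the default route (Net Balancer: everything via VPN).
BASE = [("0.0.0.0/0", "bond0"), ("203.0.113.0/24", "bond0"),
        ("198.51.100.0/24", "wan1"), ("192.0.2.0/24", "wan2")]
VPN_SERVER = "203.0.113.1"   # same /24 as the bond IP: the problem case

if __name__ == "__main__":
    # 1) No static route: the outer packets hit the connected /24 on bond0.
    print("looped:", looped(tunnel_egress(BASE, [VPN_SERVER, VPN_SERVER])))
    # 2) One host route removes the loop but pins both tunnels to wan1.
    one = BASE + [(VPN_SERVER + "/32", "wan1")]
    print("balanced with one route:", balanced(tunnel_egress(one, [VPN_SERVER, VPN_SERVER])))
    # 3) A second server IP lets each tunnel have its own host route.
    two = BASE + [(VPN_SERVER + "/32", "wan1"), ("203.0.113.2/32", "wan2")]
    print("balanced with two IPs:", balanced(tunnel_egress(two, [VPN_SERVER, "203.0.113.2"])))
```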
