www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

bonded vpn failover ??

 
jasonh100



Joined: 12 Feb 2010
Posts: 22

Posted: Wed Mar 20, 2013 10:35 pm    Post subject: bonded vpn failover ??

Hi, I'm working with a bonded vpn connection and I'm experiencing what I would consider to be some unusual behavior.

Here is the configuration:

site A:

1 internet connection - 1 static ip address
2 vpn servers
1 bond (bonds the 2 vpn connections)

site B:

2 internet connections configured with net balancer
2 corresponding vpn clients (that connect to site a). Each one connects through a specific net balancer route (to ensure that 1 internet connection will be used for each of the vpn connections)
1 bond (bonds the 2 vpn connections)

As you can see I have a bonded vpn connection between two sites. The problems start when one of the internet connections goes down at site b. When one of the internet connections goes down one of the vpn connections goes into a connecting state. It will continue to remain in the connecting state until the corresponding internet connection is active again. During that time, terrible vpn performance is associated (missing packets).

If the vpn connection at site b that is associated with the faulty internet connection is disabled, the bond will work correctly over the 1 remaining vpn connection. If the vpn connection is allowed to connect through the other route, the bond will continue to work correctly.

I'm looking for suggestions on how I can get this fail-over to work right. There seem to be two answers, neither of which I know how to implement:

1. find a way to set the vpn connection at site b to be disabled if the underlying internet route is faulty -- and re-enable when it is working again

2. find a way to have a preferred route for a vpn connection without limiting to one single route.


(to give you an idea of the troubling performance that I get when one vpn goes to a connecting state at site b: maybe 1 out of 5 pings will have a reply: udp (voip example): incoming audio will be very comprehensible but literally every other packet will be missing--I don't know what outgoing audio sounds like. I received a voicemail which was not real-time so it just shoved all of the packets that were received together for the audio file -- it sounded like it was being fast-forwarded without raising the pitch.)
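One way to approach option 1 from the post above, as an added example that is not part of the original thread and is not ZeroShell's own code: a per-link watchdog that probes through one WAN interface and takes the matching VPN interface down or up only after several consecutive results, so a single lost ping does not flap the bond. The interface names, the probe address and the use of `ip link set` as the disable action are assumptions.

```shell
#!/bin/sh
# Added example: per-link watchdog with hysteresis (all names are assumptions).
WAN_IF="${WAN_IF:-ETH01}"        # hypothetical WAN interface carrying this tunnel
VPN_IF="${VPN_IF:-VPN01}"        # hypothetical VPN interface that is a bond member
TARGET="${TARGET:-192.0.2.1}"    # placeholder probe address (e.g. site A's static IP)
FAIL_LIMIT=3                     # consecutive failed probes before disabling
OK_LIMIT=5                       # consecutive good probes before re-enabling

# next_state STATE COUNT RESULT -> prints "NEWSTATE NEWCOUNT"
# STATE is up|down, COUNT is the run of probes contradicting STATE,
# RESULT is ok|fail for the latest probe.
next_state() {
    state=$1; count=$2; result=$3
    case "$state:$result" in
        up:ok|down:fail) count=0 ;;                 # probe agrees with state
        up:fail)
            count=$((count + 1))
            if [ "$count" -ge "$FAIL_LIMIT" ]; then state=down; count=0; fi ;;
        down:ok)
            count=$((count + 1))
            if [ "$count" -ge "$OK_LIMIT" ]; then state=up; count=0; fi ;;
    esac
    echo "$state $count"
}

probe() {  # one ICMP probe forced out of the WAN interface
    if ping -I "$WAN_IF" -c 1 -W 2 "$TARGET" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

apply_state() {  # assumption: link down/up is how the bond member gets disabled
    ip link set dev "$VPN_IF" "$1"
}

watch_loop() {
    state=up; count=0
    while :; do
        set -- $(next_state "$state" "$count" "$(probe)")
        if [ "$1" != "$state" ]; then apply_state "$1"; fi
        state=$1; count=$2
        sleep 5
    done
}

# Start the loop only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then watch_loop; fi
```

Run one instance per WAN/VPN pair at site B; the asymmetric limits make the link slower to rejoin the bond than to leave it.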
m_elias



Joined: 07 Nov 2012
Posts: 30

Posted: Sat Apr 13, 2013 2:13 pm

I came across at least two other problems while I was trying the same setup as you are. I found that while the two VPNs and the bond are running properly, all ACKs were being sent up both VPN tunnels which created double the uploads and hence, too much upload bandwidth for me to saturate my download capacity. I also could not get port forwarding to work with dual WAN on zeroshell. I think the problem there was that it was not replying to the incoming connection on the same WAN interface.
All times are GMT