www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Bonding VPN Connections

 
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Sat Jun 16, 2007 8:24 am    Post subject: Bonding VPN Connections

Hello, Please excuse my ignorance, but could someone please explain in detail how the bonding of several vpn connections works.
I assume that you have to have several internet connections, and a vpn tunnel created over each, then bond the vpn connections. What I don't understand is what happens at the other end. If I had 4 adsl lines, 4 vpn connections and bond the 4 vpn's into 1 pipe, at the other end we have a server on the internet with a 100Mb/s connection, running openvpn. How do I get that machine to bond the 4 incoming tunnels?

This is all assuming that the bonding works by creating one big fat pipe, so increasing both the upload and the download, and we could have a public block of IP's at our end after the vpn connections/bond.
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Sat Jun 16, 2007 10:55 am

From the ADSL (site A) you must configure 4 VPNs in client mode, with the remote server set to the IP address of a ZeroShell box that you have in the place where you have the 100Mbit/s Internet connection (site B).
At site B you have to create 4 VPNs in server mode. Do not forget to change the UDP/TCP port number (the same for site A).
Now you must put all the VPN interfaces in a BOND interface at site A and at site B.
At this point your BOND interfaces are connected and look like ethernet interfaces: you can assign them IP addresses if you want to use routing between site A and site B, or bridge them with physical ethernet interfaces if you want to connect site A and site B at layer 2. In the latter case you can transport the VLANs too.

Regards
Fulvio
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Sat Jun 16, 2007 9:51 pm

fulvio,

OK, I understand most of that....apart from ....

>>Do not forget to change the UDP/TCP port number (the same for the site A).

Are you suggesting that each vpn should have a different port number??

i.e,
VPN1 = site A (udp 1194) ---> site B (udp 1194)
VPN2 = site A (udp 1195) ---> site B (udp 1195)
VPN3 = site A (udp 1196) ---> site B (udp 1196)
VPN4 = site A (udp 1197) ---> site B (udp 1197)


Secondly,
Our machine with the 100Mb/s connection is a Windows Server. I cannot put another machine there at the moment, however I have lots of IP's allocated to this box, so I could run ZeroShell within VMWare on the Windows server. The question is....have you any idea how I could get the ZeroShell image to work within VMWare?

Cheers
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Mon Jun 18, 2007 3:41 pm

Fulvio,

When I try to add an IP to the Bond, I get the following error....
>> Jun 18 16:34,47 ERROR: IP x.x.x.158/255.255.255.0 not added to BOND00 : x.x.x.0/24 overlaps x.x.x.0/24 (ETH00)

so it appears that it won't let me assign an IP out of our block to the bond if the IP is within the same subnet as the IP on eth0......but why ???
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Mon Jun 18, 2007 8:13 pm

It is a policy that I wanted. I think that configuring two interfaces in the same or overlapping subnets is not a good practice. But are you sure you really need that configuration? A better solution could be to bridge the ETH00 and BOND00 interfaces and assign the IP x.x.x.158 to the BRIDGE00.
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Mon Jun 18, 2007 8:22 pm

Yup, really needed.

This box is being configured so that several sites can create bonded connections to the internet, bridging to eth0 is not an option.
Can I create this manually??
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Mon Jun 18, 2007 8:49 pm

I do not understand your setup, but in any case you can try with
ifconfig BOND00 x.x.x.158 netmask 255.255.255.0

Could you post a diagram of the network topology you want to obtain?

Fulvio
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Fri Jun 22, 2007 12:53 pm

Fulvio,

I'm having some issues here and hope you can shed some light on the subject for me.

What we need is the following..

1. Zeroshell server hosted at a datacenter with a 100Mb/s connection and 32 IP addresses (x.x.x.128 - x.x.x.159)

2. A zeroshell server located at a client's site, connected to the internet by 2 ADSL routers (each has a dynamic public address and does NAT). Router 1 has a 172.16.0.1 LAN address, router 2 has a 172.16.0.2 LAN address and ETH0 on the zeroshell box is 172.16.0.3. Eth1 on zeroshell is 10.0.0.1 and there are several client PC's with 10.0.0.x addresses which get to the internet through the zeroshell box.

What I want to do is to create 2 vpn's to the hosted server and bond them to get increased bandwidth. I will need to have one of my public addresses ( x.x.x.128) assigned to the zeroshell server at the client site so that we can feed smtp traffic etc into their exchange server.

I have managed to create the vpn's and to bond them, however I am now having issues when I try to assign an IP to the zeroshell box at the client site. I think it is to do with routing as I only have a single block of 32 IP's to play with.

Is what I'm after possible?? Currently I have the vpn's and the bond setup but can't route any traffic up/down the bonded connection.

Any help would be appreciated, and if you could give example IP structures etc, that would be great.

Cheers
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Fri Jun 22, 2007 9:47 pm

You cannot assign x.x.x.128 to the BOND00 at the client site, because this IP address belongs to the server site x.x.x.128/27 subnet. If you do it then the routing tables will not be valid. Furthermore x.x.x.128 is not a host IP but is your network address. The valid IPs are in the range x.x.x.129-x.x.x.158 (x.x.x.159 is the broadcast).
The only possibility to do what you want is to use the bridging at the server site. If for example, at the moment you have assigned to the ETH00 the public IP x.x.x.158 you need to encapsulate ETH00 in the BRIDGE00 and then assign x.x.x.158 to the BRIDGE00. If you use the "Create Bridge" function of the console, the migration of the IP (ETH00->BRIDGE00) is automatically performed.
After the BOND00 (server site) is created you just have to insert it in the BRIDGE00.
Now at the client site you can assign to the BOND00 an IP of the subnet x.x.x.128/27.

Regards
Fulvio
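An added illustration, not part of the original thread and not ZeroShell's own code: the overlap policy behind the BOND00 error and the /27 address rules from the post above, checked with Python's ipaddress module. 192.0.2.0/24 is a documentation range standing in for the elided x.x.x block, and the function names and the ETH00 host address are assumptions.

```python
import ipaddress


def check_interface_ip(candidate, existing):
    """Return the reasons `candidate` ('addr/prefix', IPv4) should not be
    assigned, given `existing` = {interface name: 'addr/prefix'}."""
    iface = ipaddress.ip_interface(candidate)
    net = iface.network
    problems = []

    # In subnets larger than /31 the first and last addresses are reserved.
    if net.prefixlen < 31:
        if iface.ip == net.network_address:
            problems.append("network address")
        elif iface.ip == net.broadcast_address:
            problems.append("broadcast address")

    # Same policy as the error in the thread: refuse a subnet that
    # overlaps one already configured on another interface.
    for name, addr in sorted(existing.items()):
        other = ipaddress.ip_interface(addr).network
        if net.overlaps(other):
            problems.append(f"{net} overlaps {other} ({name})")
    return problems


def host_range(cidr):
    """First and last assignable host addresses of a subnet."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1])


if __name__ == "__main__":
    # Constructed sample values (192.0.2.x replaces x.x.x).
    server_ifaces = {"ETH00": "192.0.2.10/24"}
    print(check_interface_ip("192.0.2.158/24", server_ifaces))
    print(check_interface_ip("192.0.2.128/27", {}))
    print(host_range("192.0.2.128/27"))
```

A /27 carved out of the /24 still overlaps it, which is why the bridge (one subnet, one logical interface) is the suggested layout rather than a second addressed interface.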
StevenJohns



Joined: 16 Jun 2007
Posts: 22

Posted: Mon Jun 25, 2007 10:10 am

Cool,

Will try this.

With reference to the IP's, I think you misunderstood my last post, we actually have ip's x.x.x.1 > x.x.x.254 but most of them are already being used. I can play with x.x.x.128 > x.x.x.159 as they are currently not assigned to any machine. Our subnet is actually 255.255.255.0

IP addressing aside, the concept should work. I will post the results back later.

Cheers
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Mon Jun 25, 2007 9:21 pm

Ok, now your network configuration is clearer.

Fulvio
biblexy



Joined: 18 Jun 2010
Posts: 1

Posted: Mon Jun 21, 2010 7:05 am

How do I connect to Skype using a VPN? I just connected to my uni's VPN, and everything except for Skype and AIM works perfectly. Skype and AIM won't even let me log in. I've tried changing the proxy settings so that they match my web page settings and changing the ports to match, but it still won't work. Help? Is there any way I can get Skype and AIM to work with VPN?
_________________
out of sight out of mind