Hi, I’m working with a bonded VPN connection and I’m experiencing what I would consider to be some unusual behavior.

Here is the configuration:

site A:

1 internet connection, 1 static IP address
2 VPN servers
1 bond (bonds the 2 VPN connections)

site B:

2 internet connections configured with net balancer
2 corresponding VPN clients (that connect to site A). Each one connects through a specific net balancer route (to ensure that 1 internet connection will be used for each of the VPN connections)
1 bond (bonds the 2 VPN connections)

As you can see, I have a bonded VPN connection between two sites. The problems start when one of the internet connections goes down at site B. When one of the internet connections goes down, one of the VPN connections goes into a connecting state. It will continue to remain in the connecting state until the corresponding internet connection is active again. During that time, VPN performance is terrible (missing packets).

If the VPN connection at site B that is associated with the faulty internet connection is disabled, the bond will work correctly over the 1 remaining VPN connection. If the VPN connection is allowed to connect through the other route, the bond will continue to work correctly.

I’m looking for suggestions on how I can get this fail-over to work right. There seem to be two answers, neither of which I know how to implement:

1. find a way to set the VPN connection at site B to be disabled if the underlying internet route is faulty, and re-enable it when it is working again

2. find a way to have a preferred route for a VPN connection without limiting it to one single route.

(to give you an idea of the troubling performance that I get when one VPN goes to a connecting state at site B: maybe 1 out of 5 pings will have a reply; UDP (VoIP example): incoming audio will be very comprehensible but literally every other packet will be missing; I don’t know what outgoing audio sounds like. I received a voicemail which was not real-time, so it just shoved all of the packets that were received together for the audio file; it sounded like it was being fast-forwarded without raising the pitch.)
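A watchdog along the lines of option 1, added here as an example and not part of either post: a cron-run script at site B probes site A out of each WAN interface and, after a few consecutive failures, disables the VPN client pinned to that WAN so the bond runs over the surviving tunnel; it re-enables the client only after a longer run of good probes, so a flapping link does not keep toggling the tunnel. The interface names, VPN client names, probe target and the vpn_enable/vpn_disable placeholders are assumptions; the VPN software's own start/stop commands have to be substituted.

```shell
#!/bin/sh
# Route-health watchdog (added example, not from the thread). Each pass probes every WAN,
# disables the VPN client pinned to a WAN after FAIL_LIMIT failed probes in a row, and
# re-enables it after OK_LIMIT good probes in a row (hysteresis against link flapping).
WAN_VPN_PAIRS="eth1:vpn-client-1 eth2:vpn-client-2"   # assumed: WAN iface -> VPN client
PROBE_TARGET="${PROBE_TARGET:-198.51.100.1}"          # placeholder: site A's static IP
FAIL_LIMIT=3            # consecutive failed probes before disabling a tunnel
OK_LIMIT=5              # consecutive good probes before re-enabling it
STATE_DIR="${STATE_DIR:-/var/run/vpn-watchdog}"      # per-WAN state survives between runs

# probe_wan IFACE: 0 if PROBE_TARGET answers one ping sent out of IFACE, else 1.
probe_wan() {
    ping -I "$1" -c 1 -W 2 "$PROBE_TARGET" >/dev/null 2>&1
}

# decide STATE COUNT RESULT: prints "NEWSTATE NEWCOUNT ACTION".
# STATE is up|down (tunnel enabled or not), COUNT is how many consecutive probes
# have contradicted STATE, RESULT is ok|fail, ACTION is none|disable|enable.
decide() {
    state=$1; count=$2; result=$3
    case "$state:$result" in
        up:ok)     echo "up 0 none" ;;              # healthy, reset the failure streak
        down:fail) echo "down 0 none" ;;            # still broken, reset the recovery streak
        up:fail)   count=$((count + 1))
                   if [ "$count" -ge "$FAIL_LIMIT" ]; then echo "down 0 disable"
                   else echo "up $count none"; fi ;;
        down:ok)   count=$((count + 1))
                   if [ "$count" -ge "$OK_LIMIT" ]; then echo "up 0 enable"
                   else echo "down $count none"; fi ;;
        *)         echo "up 0 none" ;;              # unknown state file: assume healthy
    esac
}

# Placeholders (assumption): replace with the commands that stop/start a VPN client here.
vpn_disable() { echo "would disable VPN client $1"; }
vpn_enable()  { echo "would enable VPN client $1"; }

# One watchdog pass over all WAN/VPN pairs; run it from cron every minute or so.
watchdog_pass() {
    mkdir -p "$STATE_DIR"
    for pair in $WAN_VPN_PAIRS; do
        iface=${pair%%:*}; vpn=${pair#*:}
        read -r st ct < "$STATE_DIR/$iface" 2>/dev/null || { st=up; ct=0; }
        if probe_wan "$iface"; then res=ok; else res=fail; fi
        set -- $(decide "$st" "$ct" "$res")            # $1=state $2=count $3=action
        echo "$1 $2" > "$STATE_DIR/$iface"
        case "$3" in disable) vpn_disable "$vpn" ;; enable) vpn_enable "$vpn" ;; esac
    done
}

if [ "${1:-}" = run ]; then watchdog_pass; fi
```

Invoke as `watchdog.sh run` from cron; the probe should target an address that is only reachable through the WAN being tested, otherwise net balancer may answer the ping over the other link.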


I came across at least two other problems while I was trying the same setup as you are. I found that while the two VPNs and the bond are running properly, all ACKs were being sent up both VPN tunnels, which created double the uploads and hence too much upload bandwidth for me to saturate my download capacity. I also could not get port forwarding to work with dual WAN on Zeroshell. I think the problem there was that it was not replying to the incoming connection on the same WAN interface.

