Author Topic: Multi WAN Load Balancing -- Is this both allowed and possible?  (Read 7846 times)

4eak

  • Guest
Multi WAN Load Balancing -- Is this both allowed and possible?
« on: November 20, 2010, 06:17:13 AM »
Unfortunately, I have serious bandwidth caps. I want to bind together at least 2 entirely different connections (same ISP; two ISP accounts; two cable modems) and load balance (perfect for something like torrents). From what I understand, there are many ways of doing this. Rather than pay money for another router, I'm thinking about using a software solution, e.g. http://bora.bilg.in/blog/04/multi-wan-load-balancing-under-windows-with-pfsense.  I've also read that Win7 itself might be capable of load balancing, but I'm not positive.

I want to know first: is it possible to load balance a single session of OpenVPN over two different connections? I think it would go something like this:

Box with OpenVPN <--> Load-balanced Routing (via Router/Virtualized/2nd Box)<--> Connection 1  <--> BolehVPN <--> Internet
                                                                                                                              <--> Connection 2  <-->

Would it be different if the Router itself (e.g. PfSense) was equipped with OpenVPN?

If possible, are there any particular methods I need to use? What are they?

Most importantly, if it is possible, does BolehVPN allow this? From what I understand, two sessions of OpenVPN can be used from behind the same router in my own home using the same BolehVPN account. This is different because if it somehow did work (I'm doubtful), then BolehVPN is going to see me connecting from two entirely different IP addresses for the same OpenVPN session. It would be only one session though.



peace,
4eak


« Last Edit: November 20, 2010, 11:36:51 PM by 4eak »

Offline PitBoss

  • Administrator
  • Admiral
  • *****
  • Posts: 1250
Re: Multi WAN Load Balancing -- Is this both allowed and possible?
« Reply #1 on: November 21, 2010, 09:07:54 AM »
You can use pfsense to directly connect to the server. Bonding means you have more than one connections active at the same time and your load balancing will divert traffic to whichever channel as per your settings. Logically openvpn will not be able to support more than one connection using the same activation key to the same vpn server, unless pfsense has a built-in feature that support different key assignment for each channel OR each channel is assigned a different vpn server.

Co-Founder / Administrator

4eak

  • Guest
Re: Multi WAN Load Balancing -- Is this both allowed and possible?
« Reply #2 on: November 21, 2010, 10:04:24 AM »
Interesting. Thank you for the reply.

I take it that the reason that OpenVPN logically can't support more than one connection using the same key to the VPN server is because a server for any secure tunnel expects the same IP address from the client, yes? So, if I run OpenVPN with the same key on two different computers behind my home router, I've essentially created two different tunnels, maintaining the same IP address for each tunnel, so it can be logically supported (assuming the server allows the key to be logged on concurrently for more than one tunnel). Whereas in the hypothetical I had asked about, the client's end of the tunnel would not maintain the same IP address, and that simply isn't allowed in the OpenVPN protocol, eh?

As it would be unfair to expect that I could have multiple concurrent tunnels using the same key from different IP addresses (how would you know the second IP address was really me and not a buddy of mine, eh?), this means I need to buy another account and load balance across two individual tunnels, one tunnel for each hard-line connection, yes? I'm pretty sure a single instance of pfSense can handle this, from what I've read. If it can't, I can just run 1 VMed pfSense for each OpenVPN tunnel, and then bond them with another VMed Pfsense for loadbalancing.

Do I have this right? Sounds like a good plan?


peace,
4eak
« Last Edit: November 21, 2010, 10:18:38 AM by 4eak »