Special Routing + Dual WAN

Hi!
I have a question about whether this setup is possible or not, and maybe how to do the routing for it.

I have 2 LTE internet connections, and a fanless home server with 2x LAN (+1 USB LAN), and a VPS (with openvpn).

I want to create a special routing setup for my home, and I'd like to ask if it's possible.

First the server should connect to the 2x LTE routers to have a Dual WAN connection.
Then, the server should connect to a single VPN server on my VPS and multi-link the dual wan connections into a single, higher speed connection.

Then the home server should share this connection with all my connected appliances, except:

  • Some specific MAC addresses should connect / reach the internet directly, without a VPN connection

Also is it possible to link maybe 3 or more internet connections for the same purpose?

Thank you!

Comments

  • rm_ IPv6 Advocate, Veteran
    edited February 2018

    nandika said: multi-link the dual wan connections into a single, higher speed connection.

    Possible and easy, if you accept that any single TCP connection (e.g. downloading a file) will only go through one of the uplinks, and so will be limited by its bandwidth. If there are more TCP connections at the same time, those can get balanced onto the other, and will not interfere with yours.

    In fact you don't need the VPS in such a setup, if you ignore the fact that you will access websites randomly from the 2 or more IPs. Most websites should be fine with that and won't log you out or the like.

    On the other hand if you want every single connection to utilize both uplinks at the same time, in theory that's also possible, but I'm not sure how well that will work with LTE (or over the internet in general), considering that it has a somewhat high and likely varying ping. TCP gets unhappy when its packets arrive out of order, and the speed will fall dramatically. Google for: round-robin bonding (in your case over two tunnels).

    nandika said: Some specific MAC addresses should connect / reach the internet directly

    "Some IP addresses" and yes definitely possible. MAC addresses should be doable too.

    nandika said: Also is it possible to link maybe 3 or more internet connections for the same purpose?

    It does not matter if two or more, the way you set it up stays the same.

  • Speedify does it (never tried it myself though).

  • @rm_ wouldn't the fact that he wants to use a (probably UDP based) VPN pretty much remove all the TCP problems? Maybe I am missing something, but I guess it's possible to configure the VPN server to not care about the source IP. I mean it's UDP after all, and relying on the source IP would be stupid anyway. Even if that does not work, having some iptables voodoo just rewrite the source IP of every packet hitting port X to something static seems not that far fetched, leaving only the question of how to configure routing to equally split VPN packets over the two uplinks.

  • rm_ IPv6 Advocate, Veteran

    mksh said: wouldn't the fact that he wants to use a (probably UDP based) VPN pretty much remove all the TCP problems?

    You download from remote websites over TCP anyway over this VPN. Good that the VPN is UDP, but that only avoids the TCP-over-TCP class of issues (a whole different story).

    But even with TCP-over-UDP, if half of the UDP stream goes over one connection, the other half over the other, and these have differing latencies and varying momentary throughputs (and both are guaranteed to be the case with LTE), you will start getting packets out of order. Basically, one half's (odd or even) packets will arrive earlier than their counterparts from the other -- and TCP freaks out at that and kills the transfer rate.

    mksh said: Maybe i am missing something but i guess it's possible to configure the VPN server to not care about the source IP. I mean it's UDP afterall and relying on the source IP would be stupid anyways.

    Here, I don't follow what you're trying to say, and if it's related to what I answered above.

    mksh said: Even if that does not work, having some iptables voodoo just rewrite the source IP of every packet hitting port X to something static seems not that far fetched, leaving only the question of how to configure routing to equally split VPN packets over the two uplinks.

    If you want to split per-connection, that's done with multiple gateways of the same weight for a route.

    For splitting per-packet, dunno if there are simpler ways, but one is to set up link aggregation (bonding) in round-robin mode across two tunnels.
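
The reordering argument above, as an added toy simulation (not code from the thread): one TCP flow is either alternated per-packet across uplinks with different one-way latency, or hashed to a single uplink as with equal-weight gateways, and we count segments that arrive after a higher sequence number. The latencies and the 5 ms send spacing are constructed values; with identical latencies the round-robin case reorders nothing, which is the situation bonding is built for.

```python
from itertools import cycle

# Constructed one-way latencies in ms for two LTE uplinks (they never quite match).
UPLINKS_MS = {"lte0": 40, "lte1": 90}
GAP_MS = 5  # constructed send spacing between consecutive segments of one flow


def send_round_robin(n_segments, uplinks_ms, gap_ms=GAP_MS):
    """Per-packet bonding: alternate uplinks for consecutive segments of one flow.
    Returns (arrival_time_ms, seq, uplink) per segment."""
    links = cycle(uplinks_ms.items())
    return [(seq * gap_ms + lat, seq, name)
            for seq, (name, lat) in zip(range(n_segments), links)]


def send_per_flow(n_segments, uplinks_ms, flow_id, gap_ms=GAP_MS):
    """Per-connection split ('multiple gateways of the same weight'): the flow is
    hashed to one uplink and every segment follows it."""
    name = sorted(uplinks_ms)[flow_id % len(uplinks_ms)]
    lat = uplinks_ms[name]
    return [(seq * gap_ms + lat, seq, name) for seq in range(n_segments)]


def count_reordered(arrivals):
    """Segments that reach the far end after a higher sequence number already
    arrived; each one is what makes a TCP receiver emit duplicate ACKs."""
    highest, reordered = -1, 0
    for _, seq, _ in sorted(arrivals):  # replay in arrival order
        if seq < highest:
            reordered += 1
        else:
            highest = seq
    return reordered


def compare(n_segments=20, uplinks_ms=UPLINKS_MS):
    """Reordering seen by one flow under both splitting strategies."""
    return {
        "per_packet": count_reordered(send_round_robin(n_segments, uplinks_ms)),
        "per_flow": count_reordered(send_per_flow(n_segments, uplinks_ms, flow_id=7)),
    }


if __name__ == "__main__":
    print("differing LTE latencies:", compare())
    print("identical latencies (what bonding assumes):",
          compare(uplinks_ms={"a": 40, "b": 40}))
```

Adding a third uplink to the dict changes nothing structurally, only how many segments land out of order.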

  • mksh Member
    edited February 2018

    @rm_ said:

    mksh said: wouldn't the fact that he wants to use a (probably UDP based) VPN pretty much remove all the TCP problems?

    You download from remote websites over TCP anyway over this VPN. Good that the VPN is UDP, but that only avoids the TCP-over-TCP class of issues (a whole different story).

    But even with TCP-over-UDP, if half of the UDP stream goes over one connection, the other half over the other, and these have differing latencies and varying momentary throughputs (and both are guaranteed to be the case with LTE), you will start getting packets out of order. Basically, one half's (odd or even) packets will arrive earlier than their counterparts from the other -- and TCP freaks out at that and kills the transfer rate.

    What I was trying to say is that in case of having the traffic go over a UDP based VPN, the VPN server would be left to clean up the mess of out-of-order packets, so protocols being routed through the VPN should never notice. Admittedly I have no idea if in practice it still kills performance.

    Edit:

    mksh said: Maybe i am missing something but i guess it's possible to configure the VPN server to not care about the source IP. I mean it's UDP afterall and relying on the source IP would be stupid anyways.

    Here, I don't follow what you're trying to say, and if it's related to what I answered above.

    That basically means configuring the VPN server in a way that it does not care from which uplink the packet originated and just treats it like it came from the same source IP. The rationale being that the source IP does not mean a whole lot in UDP anyway.

  • ValdikSS Member
    edited February 2018

    rm_ said: On the other hand if you want every single connection to utilize both uplinks at the same time, in theory that's also possible, but I'm not sure how well that will work with LTE

    There aren't any well-working open source solutions as of now.

    There are MLVPN and mptunnel, but they are far from perfect.

    Try Multipath TCP. It would require a custom kernel on both server and client, so you can't run it on OpenVZ.

    rm_ said: Google for: round-robin bonding (in your case over two tunnels).

    Bonding is the worst solution, as it's intended to be used for links that are the very same in terms of speed and latency, which different LTE links definitely aren't.

  • BBTN Member

    @nandika said:

    Don't want to dig through an old thread, but if you're still in need of a solution, I'd recommend https://www.openmptcprouter.com which I'm using myself for a very similar use case (DSL+LTE). Works as expected.

  • Haven't fully read all responses, but setting up two tunnels and then bonding them together is pretty straightforward and possible. The VPS needs to NAT to the outer world and you're fine.

    Basically like that:

    router-home < -- BOND - Tunnel (1/2) -- > VPS

    You'd need to have each tunnel go out over a unique modem / "LTE router". That means you'd likely end up with matching UDP ports and do policy routing on router-home, or you simply allocate two IPs on your VPS.
