Reply To: Zeroshell Lan to Lan VPN bonding to CentOS server?

Home Page Forums Network Management ZeroShell Zeroshell Lan to Lan VPN bonding to CentOS server? Reply To: Zeroshell Lan to Lan VPN bonding to CentOS server?

#47379

gcams
Member

I thought I’d post a quick update, now that I’ve given this setup a go.

I’ve managed to get reasonable load balancing/fail over using Zeroshell to a Centos V5.1 box (running OpenVPN). However I have struck a few challenges.

On the Centos box, I’ve simply created two layer 2 virtual adapters (tap0/tap1) and have used the bonding module to bond these together in mode 0 (fail over + round robin load balancing).

On zeroshell, I’ve followed the guidelines for configuring layer 2 bonding in the net balancing section. I have 2 3G USB modems on two different networks (3 and vodafone), and each VPN config is assigned to each respective PPP adapter for the above modems.

The problem is, this works fine initially, when the VPN’s first dial up (i.e. they connect via their respective modems), however when a simulated failure takes place, the VPN on the failed PPP adapter re-connects via the other adapter (thus ignoring the setting saying to only connect via the set PPP adapter). This caused two problems.. one it causes packet loss whilst the packets are round-robined across the downed VPN, until it re-negotiates across to the remaining working link, and two, when the failed PPP adapter comes back up, the VPN remains connected on the alternate adapter (so there are effectively two vpn tunnels going down the one interface and nothing on the other).

I’ve managed to work around this by disabling net balancer, and using static routes to force each VPN to remain on each adapter, regardless (which uses the bonding failover to provide resilience). But this requires 2 IP’s on the Centos box (which is acting as the server). I’m not sure if anyone can shed any light on this behavior? Basically the Net Balancer seems to be causing issues with the fail-over/load balancing of the bonded interface.

in general though, I’m really impressed with how versatile Zeroshell is!! Many thanks fulvio!!!! 😀