I am working on something very similar with two bonded vpn lan-to-lan tunnels.
My virtual private server (some datacenter) is running my Zeroshell VPN server, single public IP on eth00 74.x.x.x, default gateway 74.x.x.1, so I have its public interface eth00 NAT’d. It has two VPN tunnels in server mode, and the VPN bond has IP 10.10.20.1. This is its “lan” interface/IP.
My local Zeroshell install has eth00 with IP 192.168.6.1 (LAN with all the computers), eth01 with two IPs and two gateways in the net balancer page for my two DSL routers on the same physical media but separate subnets, two VPN tunnels in client mode each set to use their own gateway, and those two tunnels bonded with IP 10.10.20.10. eth01 and bond00 are both NAT’d.
Normal net balancing/load balancing is working pretty well. Some balancing rules are also working (directing certain destination ports through their respective DSL connection). I also have a couple of static routes set for two particular public IPs, each on its own DSL connection, for connection uptime monitoring from my desktop (pings).
In my case, I wanted to start with sending only traffic for certain destination ports or IPs through the VPN bond. So I added a disabled gateway in the net balancer for 10.10.20.1, the VPN server’s bond00 IP, and added a balancing rule for my special dest port with 10.10.20.1 as the gateway, but that does not seem to work.
I also cannot get port forwarding to work from my Zeroshell’s public IP back through the VPN bond to my desktop PC. Zeroshell’s NAT page lingo confuses me, but I believe both eth01 and bond00 on the Zeroshell client should be NAT’d. It is my understanding that the NAT-enabled interfaces should be the “public” or WAN interfaces.
I tried leaving my two net balancer gateways in the list but disabling them and setting a single default gateway pointing at my Zeroshell server’s bond IP of 10.10.20.1, but it was no good.
I read here https://www.zeroshell.org/forum/viewtopic.php?p=4784&sid=dfb93fcdfcb7705a431da9333e773728 that Zeroshell is configured to only use TAP tunnels and may need tweaking to route to them instead of bridging, but I don’t know how the bond plays into that. I originally tried bridging my local/client Zeroshell’s bond00 with its eth00 and assigning my VPS Zeroshell’s bond IP to something on the same subnet and then using that IP for my computer’s gateway, but I don’t like the LAN traffic on the VPN bond, and that didn’t let me selectively route certain traffic down the bond.
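The two things the post is trying to achieve (sending only one destination port down the VPN bond, and getting replies to port-forwarded connections back out over the bond) expressed as plain iproute2/iptables policy routing. This is an added example, not Zeroshell’s own configuration or the author’s; Zeroshell exposes this through its Net Balancer and NAT pages, and it is an assumption that those pages generate equivalent rules. The interface names and 10.10.20.1 come from the post; routing table 100 and mark 0x20 are my choice, and DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Policy routing for a single destination port over a VPN bond (assumed names from the post).
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands, 0 = apply them (needs root on the client box)
LAN_IF="eth00"            # LAN side of the client Zeroshell
VPN_IF="bond00"           # bonded VPN tunnels on the client
VPN_GW="10.10.20.1"       # bond address of the VPN server
VPN_TABLE=100             # extra routing table whose only route is "via the bond"
MARK=0x20                 # firewall mark that selects that table

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Only TCP traffic to port $1 is marked; marked packets use table 100, whose default
# route points at the bond. Everything else still goes through the net balancer's main table.
route_port_via_vpn() {
  port="$1"
  run ip route replace default via "$VPN_GW" dev "$VPN_IF" table "$VPN_TABLE"
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" -j MARK --set-mark "$MARK"
  run iptables -t mangle -A OUTPUT -p tcp --dport "$port" -j MARK --set-mark "$MARK"
  run ip rule add fwmark "$MARK" lookup "$VPN_TABLE" priority 1000
  # Source NAT behind the bond address so the server side sees one source for LAN hosts.
  run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
  run ip route flush cache
}

# Connections that arrive over the bond (e.g. a port forward from the server) are
# remembered with CONNMARK; their reply packets get the mark restored and therefore
# leave over the bond instead of one of the DSL gateways.
reply_via_vpn() {
  run iptables -t mangle -A PREROUTING -i "$VPN_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
  run iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
}
```

With several uplinks the kernel's reverse-path filter (rp_filter) on the bond and DSL interfaces may drop the asymmetric reply packets, so set it to loose mode (2) or off on those interfaces before testing.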