Bonded VPN Routing Issues [SOLVED?]


This topic contains 0 replies, has 0 voices, and was last updated by  pntz 1 year, 7 months ago.

  • #44772

    pntz
    Member

    Greetings,

    I’m new to Zeroshell and a network novice, so pardon me if the solution is obvious.

    Background:
    -I have two Zeroshell instances established: a dedicated server at home and a VPS at a nearby data center.
    -The VPS instance has one public IP on one interface.
    -I have 3 DSL modems at home, w/ PPPoE set up in Zeroshell and 3 VPN LAN-to-LAN links up and functioning to the VPS instance. Each is on its own port on the VPS and the Gateway is specified for different PPPoEs on my side.
    -The 3 VPNs are bonded on both sides.
    -All the PPPoEs, VPNs, and the BOND are indicating up.
    -I have 10.10.10.0/24 on home LAN interface.
    -I have 10.10.10.2 on home side bond and 10.10.10.1 on VPS side bond, both w/ 255.255.255.0 subnet.
    -I’m using Net Balancer w/ 4 Gateways showing. The 3 PPPs and a 10.10.10.1. The 3 PPPs are weighted 1 w/ a 99 weight for the 10.10.10.1.
    -I have NAT enabled for the 3 PPPs.
    -I have Host-to-LAN OpenVPN set up on VPS instance which is working as desired.

    Problem:
    I have the 3 PPP Gateways enabled in Net Balancer, and I’m able to access the internet through them, but not the VPNs/BOND. If I enable the 10.10.10.1 Gateway in Net Balancer (so, all 4 enabled w/ the weights mentioned above), nothing seems to move past my home Zeroshell server (10.10.10.2).

    Troubleshooting done so far:
    -If NAT is enabled for the BOND on my home side, I can access 10.10.10.1. If NAT is disabled, I cannot. In either case, I’m unable to access anything past 10.10.10.1 on the VPS instance (e.g. the rest of the internet).
    -When the 10.10.10.1 is active in Net Balancer, routing tables show what I expect: 0.0.0.0/0 for all 4 w/ weighting indicated.
    -I’ve tried adding a BOND Gateway in Net Balancer and using that instead of the 10.10.10.1.
    -I’ve both established and removed a Net Balancer balancing rule to send all destined for 0.0.0.0/0 over the 10.10.10.1 and BOND interface.
    -Tried enabling RIP on both sides. When enabled on home side, caused VPNs to go down.

    Home Routing Table +/- depending on Net Balancer activation:
    Destination Netmask Type Metric Gateway Interface Flags State Source
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp0 U Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp1 U Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp2 U Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.99 BOND00 U Up Auto
    10.10.1.0 255.255.255.0 Net 0 none ETH01 U Up Auto
    10.10.10.0 255.255.255.0 Net 0 none BOND00 U Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp0 UH Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp2 UH Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp1 UH Up Auto

    VPS Routing Table:
    Destination Netmask Type Metric Gateway Interface Flags State Source
    DEFAULT GATEWAY 0.0.0.0 Net 0 xx.xx.xx.xx ETH00 UG Up Static
    10.10.10.0 255.255.255.0 Net 0 none BOND00 U Up Auto
    10.10.11.0 255.255.255.0 Net 0 none VPN99 U Up Auto
    xx.xx.xx.xx 255.255.254.0 Net 0 none ETH00 U Up Auto

    Ideal situation:
    -NAT occurs at VPS instance for all traffic.
    -BOND VPNs serve as primary Gateway for home, so all traffic is routed through VPS instance.

    What do I need to do to make my “ideal situation” occur?
    All help is much appreciated.

    Solution?

    I now have packets routing as desired, so I thought I’d share what I did. I’m not confident it’s the optimal solution, so suggestions are greatly welcomed.

    Working state:
    -Increased the subnet on the VPS side of the BOND to 255.255.0.0 to allow that router to access the entire home side network.
    -Added bridges between both the |home internal & bond interface| and |VPS bond & external interface|.
    -My only NAT is now on the VPS BRIDGE interface.

    Home Routing Table:
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.99 10.10.10.1 BRIDGE00 UG Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp0 UG Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp1 UG Up Auto
    DEFAULT GATEWAY (LB) 0.0.0.0 Net W.1 ppp2 UG Up Auto
    10.10.1.0 255.255.255.0 Net 0 none BRIDGE00 U Up Auto
    10.10.10.0 255.255.255.0 Net 0 none BRIDGE00 U Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp0 UH Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp2 UH Up Auto
    xx.xx.xx.xx 255.255.255.255 Host 0 none ppp1 UH Up Auto

    VPS Routing Table:
    DEFAULT GATEWAY 0.0.0.0 Net 0 xx.xx.xx.xx BRIDGE00 UG Up Static
    10.10.0.0 255.255.0.0 Net 0 none BRIDGE00 U Up Auto
    10.11.1.0 255.255.255.0 Net 0 none VPN99 U Up Auto
    xx.xx.xx.xx 255.255.254.0 Net 0 none BRIDGE00 U Up Auto

    All seems to be working as desired w/ traffic from home network going through bonded VPNs to VPS and beyond w/ only one NAT designated.
    Let me know if there are areas I could make it better. Thanks.
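
An added example (not part of the original posts): a longest-prefix-match lookup over the two VPS routing tables quoted above, showing which route the VPS picks for replies to a home host before and after the bond subnet was widened to 255.255.0.0. The host 10.10.1.50 is a constructed sample on the 10.10.1.0/24 network from the home table, and the masked xx.xx.xx.xx routes are omitted.

```python
import ipaddress

# VPS routing tables transcribed from the post (interface names as shown there).
# Routes whose destination is masked as xx.xx.xx.xx in the post are left out.
VPS_BEFORE = [
    ("0.0.0.0/0", "ETH00"),         # static default gateway towards the provider
    ("10.10.10.0/24", "BOND00"),    # bond subnet, 255.255.255.0
    ("10.10.11.0/24", "VPN99"),     # Host-to-LAN OpenVPN
]
VPS_AFTER = [
    ("0.0.0.0/0", "BRIDGE00"),
    ("10.10.0.0/16", "BRIDGE00"),   # bond subnet widened to 255.255.0.0
    ("10.11.1.0/24", "VPN99"),
]


def lookup(table, dst):
    """Return (network, interface) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for cidr, iface in table:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            candidates.append((net, iface))
    if not candidates:
        return None
    net, iface = max(candidates, key=lambda c: c[0].prefixlen)
    return str(net), iface


def reply_path(table, client):
    """Describe how the VPS would send a reply back to `client`."""
    net, iface = lookup(table, client)
    return {
        "client": client,
        "route": net,
        "interface": iface,
        # Only a non-default route means the VPS treats the client as on-link.
        "connected": net != "0.0.0.0/0",
    }


if __name__ == "__main__":
    # 10.10.1.50: constructed home LAN host; 10.10.10.2: home bond address from the post.
    for label, table in (("before", VPS_BEFORE), ("after", VPS_AFTER)):
        for client in ("10.10.1.50", "10.10.10.2"):
            print(label, reply_path(table, client))
```

In the first table a reply to the home LAN host only matches the default route and leaves through ETH00, while a reply to 10.10.10.2 stays on BOND00; in the second table both fall under the connected 10.10.0.0/16 route.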

    #54414

    pntz
    Member

    Had to block UDP ports 67 & 68 since VPS provider’s DHCP was causing mayhem.
    Threw in some stateful firewall rules for good measure w/ DROP default. Should have thought of such earlier.
