Bonding VPN Connections

Home Page Forums Network Management ZeroShell Bonding VPN Connections

This topic contains 10 replies, has 0 voices, and was last updated by  StevenJohns 9 years, 3 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #40653

    StevenJohns
    Member

    Hello, Please excuse my ignorance, but could someone please explain in detail how the bonding of several vpn connections works.
    I assume that you have to have several internet connections, and a vpn tunnel created over each, then bond the vpn connections. What I don’t understand is what happens at the other end. if I had 4 adsl lines, 4 vpn connections and bond the 4 vpn’s into 1 pipe, at the other end we have a server on the internet with a 100Mb/s connection, running openvpn. how do I get that machine to bond the 4 incomming tunnels ??

    This is all assuming that the bonding works by creating one big fat pipe, so increasing both the upload and the download, and we could have a public block of IP’s at our end after the vpn connections/bond.

    #45474

    imported_fulvio
    Participant

    From the ADSL (site A) you must configure 4 VPNs in client mode and remote server the IP address of a ZeroShell Box that you have in the place you have the 100Mbit/s Internet connection (site B).
    In the site B you have to create 4 VPNs in server mode. Do not forget to change the UDP/TCP port number (the same for the site A).
    Now you must put all the VPN interfaces in a BOND interface from the site A and from the site B.
    At this point your BOND interfaces are connected and look like ethernet interfaces: you can assign them IP addresses if you want to use the routing between site A and site B, or bridge them with physical ethernet interfaces if you want to connect site A and site B in layer 2. In latter case you can transport the VLANs too.

    Regards
    Fulvio

    #45475

    StevenJohns
    Member

    fulvio,

    OK, I understand most of that….apart from ….

    >>Do not forget to change the UDP/TCP port number (the same for the site A).

    Are you suggesting that each vpn should have a different port number??

    i.e,
    VPN1 = site A (udp 1194) —> site B (udp 1194)
    VPN2 = site A (udp 1195) —> site B (udp 1195)
    VPN3 = site A (udp 1196) —> site B (udp 1196)
    VPN4 = site A (udp 1197) —> site B (udp 1197)

    Secondly,
    Our machine with the 100Mb/s connecion is a Windows Server. I cannot put another machine there at the moment, however I have lots of IP’s allocated to this box, so I could run ZeroShell within VMWare on the Windows server. The question is….have you any idea how I could get the ZeroShell image to work within VMWare?

    Cheers

    #45476

    StevenJohns
    Member

    Fluvio,

    when I try to add an IP to the Bond, I get the following error….
    >> Jun 18 16:34,47 ERROR: IP x.x.x.158/255.255.255.0 not added to BOND00 : x.x.x.0/24 overlaps x.x.x.0/24 (ETH00)

    so it appears that it won’t let me assign an IP out of our block to the bond if the IP is within the same subnet as the IP on eth0……but why ???

    #45477

    imported_fulvio
    Participant

    It is a policy that I wanted. I think that configuring two interfaces in the same or overlapped subnet is not a good practice. But are you sure you really need that configuration? A better solution could be bridge the ETH00 and BOND00 interfaces and assign the IP x.x.x.158 to the BRIDGE00.

    #45478

    StevenJohns
    Member

    Yup, realy needed.

    this box is bieng configured so that several sites can create bonded connections to the internet, bridging ot eth0 is not an option.
    Can I create this manually??

    #45479

    imported_fulvio
    Participant

    I do not understand your setup, but in any case you can try with
    ifconfig BOND00 x.x.x.158 netmask 255.255.255.0

    Could you post a diagram of the network topology you want to obtain?

    Fulvio

    #45480

    StevenJohns
    Member

    Fluvio,

    I’m having some issues here and hope you can shed some light on the subject for me.

    What we need is the following..

    1. Zeroshell server hosted at a datacenter with a 100Mb/s connection and 32 IP addresses (x.x.x.128 – x.x.x.159)

    2. A zeroshell server located at a clients site, connected to the internet by 2 ADSL routers (each have a dynamic public address and do NAT). Router 1 has a 172.16.0.1 LAN addresss, router 2 has a 172.16.0.2 LAN address and ETH0 on zeroshell box is 172.16.0.3 Eth1 on zeroshell is 10.0.0.1 and there are several client PC’s with 10.0.0.x addresses which get to the internet through the zeroshell box.

    What I want to do is to create 2 vpn’s to the hosted server and bond them to get increased bandwidth. I will need to have one of my public addresses ( x.x.x.128) assigned to the zeroshell server at the client site so that we can feed smtp traffic etc into their exchange server.

    I have managed to create the vpn’s and to bond them, however I am now having issues when I try to assign an IP to the zeroshell box at the client site. I think it is to do with routing as I only have a single block of 32 IP’s to play with.

    Is what I’m after possable?? Currently I have the vpn’s and the bond setup but can’t route any traffic up/down the bonded connection.

    Any help would be appreciated, and if you could give example IP structures etc, that would be great.

    Cheers

    #45481

    imported_fulvio
    Participant

    You cannot assign x.x.x.128 to the BOND00 at the client site, because this IP address belongs to the server site x.x.x.128/27 subnet. If you do it then routing tables will be not valid. Futhermore x.x.x.128 is not a host IP but is your network address. The valid IPs are in the range x.x.x.129-x.x.x.158 (x.x.x.159 is the broadcast).
    The only possibility to do what you want is to use the bridging at the server site. If for example, at the moment you have assigned to the ETH00 the public IP x.x.x.158 you need to encapsulate ETH00 in the BRIDGE00 and then assign x.x.x.158 to the BRIDGE00. If you use the “Create Bridge” function of the console, the migration of the IP (ETH00->BRIDGE00) is automatically performed.
    After the BOND00 (server site) is created you just have to insert it in the BRIDGE00.
    Now at the client site you can assign to the BOND00 an IP of the subnet x.x.x.128/27.

    Regards
    Fulvio

    #45482

    StevenJohns
    Member

    Cool,

    Will try this.

    Whth reference to the IP’s, I think you misunderstood my last post, we actually have ip’s x.x.x.1 > x.x.x.254 but most of them are already being used. I can plal with x.x.x.128 > x.x.x.159 as they are currently not assigned to any machine. Our subnet is actually 255.255.255.0

    IP addressing aside, the concept should work. I will post the results back later.

    Cheers

    #45483

    imported_fulvio
    Participant

    Ok, now your network configuration is clearer.

    Fulvio

    #45484

    biblexy
    Member

    How do I connect to Skype using a VPN? I just connected to my uni’s VPN, and everything except for Skype and AIM works perfectly. Skype and AIM won’t even let me log in. I’ve tried changing the proxy settings so that they match my web page settings and changing the ports to match, but it still won’t work. Help? Is there any way I can get Skype and AIM to work with VPN?

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.