- This topic is empty.
-
Posts
-
Short story – we temporary move our office to other place, but there isnt any suitable internet connection so we are using 3G modems. But we have also unused connection capacity in datacentre (100/100 , one public IP) So my idea was to agregate some 3G modems and make VPN bond to datacentre. I was playing with zeroshell for two weeks but wasnt able to configure working setup π I tried almost all hints which i found on this forum, but without succes. So my question is, has anyone working solution which is close to our setup?
setup: in our office is “zeroshell client” – with two 3G usb modems (zeroshell 1.0b13 without modifications – previosly i try update usb_modemswitch to 1.2.3 but i roll back to official version) this client should be connected thru 2 BOnded LAN2LAN VPN to Zeroshell “server” in our datacentre. This ZS “server” has only one public IP, but regarding Fluvio’s pronouncement in section “Documentation/Load Balancing and Failover of multiple Internet connections/Aggregating VPN and increasing bandwidth in layer 2” it should be possible thru Net Balancer Gateways.
3G pp0 — VPN00
VPN00
ZS “client” ETH00 (192.168.2.1)
BOND00 (192.168.100.2 | 192.168.100.1)
ETH00 (pubic IP 89.XXX.XXX.XXX/23) – ZS Server
3G pp1 — VPN01
VPN01
zeroshell client:ppp0 – 3G modem (Autostart YES, Default route NO, NAT YES)
ppp1 – 3G modem (Autostart YES, Default route NO, NAT YES)
ETH0 – 192.168.2.1/24 – ENABLED DHCP server on this interf., NAT ENABLEDNet Balancer: ENABLED :
GW ppp0 (Enabled, Weight 1, IP – none- , Network Interf. ppp0, Timeout Coef. x8 )
GW ppp0 (Enabled, Weight 1, IP – none- , Network Interf. ppp1, Timeout Coef. x8 )
DEFAULT GW (Enabled, Weight 99, IP 192.168.100.1/ip of other side of bond, Network interf. NONE, Timeout coef. x8 )Balancing rules – NONE
VPN:
VPN00 – remote host – IP of ZS server | port – 1195 – UDP | Role- client | Compression, Encryption – NONE | Authen. – PSK | Gateway – PPP0
VPN01 – remote host – IP of ZS server | port – 1196 – UDP | Role- client | Compression, Encryption – NONE | Authen. – PSK | Gateway – PPP1BOND00 (VPN00+VPN01) 192.168.100.2 Falut Tolerance and Load Ballancing
Static routes – NONE.
zeroshell server:ETH00 – 89.XXX.XXX.XXX 255.255.254.0 – NAT enabled
VPN00 – remote host – NONE | port – 1195 – UDP | Role- server | Compression, Encryption – NONE | Authen. – PSK | Gateway – AUTO
VPN00 – remote host – NONE | port – 1196 – UDP | Role- server | Compression, Encryption – NONE | Authen. – PSK | Gateway – AUTO
BOND00 (VPN00+VPN01) IP 192.168.100.1 Falut Tolerance and Load BallancingNet Balancer – disabled
Static Routes : 192.168.2.0 255.255.255.0 Net 0 192.168.100.2 Up
DEFAULT GATEWAY 0.0.0.0 Net 0 89.187.142.1 UpOn zeroshell “client” i try to setup static routes, but they are always overriden by Net balancer. Temporary succes was : enables all gateways in net ballancer in ZS client and set maximum Weight on Default gateway, in this case ping is ok, traffic going thru bond, but speed is uselessness. WEbPages load in couple of minutes and also VPN log reports errors write UDPv4 []: No buffer space available (code=105), witht Default gateway disabled in Net balancer, and seting up it in static routers there are problems because net balancer set down static routes and set up default gateway as ppp0 – ppp1 – so traffic is nor going thru bong, but thru 3G resp. provider)
can anyone helps me a bit? π
thanks,
Michal.
I have not done this, but looking at your setup, I’d get rid of the load balancing and make the bonded VPN connection your default gateway.
@atheling wrote:
I have not done this, but looking at your setup, I’d get rid of the load balancing and make the bonded VPN connection your default gateway.
But we have left only one public IP on server side, so regarding Fluvio post, i am thinking that NetBalancer is needed for setup 3G gateways – eg. split traffic thru VPNs on client side. Anyway i wish if there will be more documentation about this feature π
update π
i am able to get setup working when net ballancer is turn off.
done with static routes where all trafic (e.g. 128.0.0.0/128.0.0.0 and 0.0.0.0/128.0.0.0) is routed to other side BOND IP.
BUT to set up VPN conection is needed to route, at least, public IP of zeroshell “server” thru ppp interface (3G modem). For one modem connected its working, but how to setup it for two or more modems? eg. route one destination IP thru 2 or more ppp interfaces? βIf you setup a bonded set of VPNs then the bonding interface will present one IP and one MAC address to use for routing traffic.
Even if you have only one IP address at your main site, you can still set up three VPNs from your remote office to the server at that site then bond the VPN interfaces into one bonded interface there too.
hmm, but the problem is (if i want to make it “easy power off and on”) that i must setup also static routes for PPP interfaces (to be able to connect to server side and establish VPN connection – in case that i setup default gateway as server side IP of of BOND
so at my setup – default gateway (or static route 0.0.0.0/0) = 192.168.100.1. BUT i must also made route for ppp0 and ppp1 interf. because when all traffic is redirected to GW, ppp interf. are unable to establish VPN connection. I know that it shloud be possible by net balancer rules, but it won’t work for me. And I am not able to make two static routes for two (or more) ppp interfaces where destination is one and same IP.So i go ahead and free up one more public IP. Now its working ok / with static routes / but i got another problem. When VPNs are active for some time and some traffic goes thru, i got errors messages “write UDPv4 []: No buffer space available (code=105)” and VPNs goes down. i tryed to add “echo 2048 >/proc/sys/vm/min_free_kbytes” to postboot/cron but without succes π
- You must be logged in to reply to this topic.