VPN Bounding, Server will not give Internet Connection

Home Page Forums Network Management Networking VPN Bounding, Server will not give Internet Connection

This topic contains 5 replies, has 0 voices, and was last updated by  blacklionpt 5 years, 5 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #43682

    blacklionpt
    Member

    Hi everyone.
    I’ve having a major problem configuring my Setup, since, when the time comes to “GO”, it will just do nothing!

    So, i’m using a Server on a very fast place (100 Mbps internet), and then, using my 2DSL at home (1.5 Mbps each, me and my neighbor joined our DSLs to get a bit faster internet back in January with connectify dispatch), i’m trying to bound them together using VPN’s, so that not only connections are load balanced, but the packets too, so that for example, watching a video on the internet will use both internets instead of just one.

    I Did everything, read a lot of documentation, and when i finish the configuration, i can’t access the internet on my machines at home, however, using my client side ZeroShell Console, i can ping my Bounded VPN’s Server IP just fine.

    Here is my current setup, let’s see if i can make it easier to understand ๐Ÿ™‚

    Client Side:

    Eth0 – 192.168.0.1 (With DCHP, gives internet to all the devices at home)
    Eth1 – DynIP with DHCP Activated (Connects to my Router #1)
    Eth2 – DynIP with DHCP Activated (Connects to my Router #2)

    Then i Have the VPN’s:

    VPN0 – Using Port 1195, forced to use the Gateway 1 (see below on the Net Balancer part what this refers to)
    VPN0 – Using Port 1195, forced to use the Gateway 2
    No encryption or compression.

    And then, i have the bounded connection:

    Bound00 – Using the IP adress 192.168.2.1 on the Server Side, and 192.168.2.2 on the Client Side.

    Then, on the NET BALANCER, i Set up 3 Gateways and activated them:

    Gateway 1, with the gateway from my Router #1 (used IP mode)
    Gateway 2, with the gateway from my Router #2 (used IP mode)
    Bound Gateway, with the IP of my Server side (192.168.2.1)

    Then, on the balancing rules, i created a rule for Protocol matching: ALL, and used the target gateway “Bound gateway”, this in order to force all traffic from my computers connected to my Home Server to use the VPN.

    My Home Server has the following DHCP (Under Network ยป DHCP) settings:

    Range 1: 192.168.0.120 to 192.168.0.180
    Default Gateway: 192.168.0.1
    DNS1: 192.168.0.1
    DNS2: 208.67.222.222 (OpenDNS one)

    Server Side:

    Eth0 – DynIP With DHCP Activated, machine IP using 192.168.1.26 (The router it connects to has the gateway 192.168.1.1)
    VPN’s configured the same as the client side, not forcing any specific gateway
    Then i Bounded them, gave the IP i said before to it, and I Activated NAT on Eth0 too.

    When i at home try using my ZeroShell console to ping the IP 192.168.2.1, it will ping just fine, no packet loss at all, but i don’t have any internet connection!

    Also, if i try to ping 192.168.2.1 from the computers connected to my Home Server, they will not have an awnser, it will just time out, if this is of any help.

    Terribly sorry for this huge post!

    Thank you for your time, i would appreciate any help given!
    Paulo.

    #52779

    TheNanny
    Member

    Hi blacklionpt.

    It’s really a huge post. I hope I understood your idea and configuration.

    You are able to ping the server, so it looks like your connection between zs client and server is ok.

    If you don’t get internet connection you should first check if the default gateway of your zs client points to the server adress, so zs client knows where to send the tcp packets adressed to the internet.
    Second thing you need to check is that on the server the packets received from the internet can be sent back to your clients. You can achive this by NAT on the bond interface (server) or by a static route on the server that routes the 192.168.0.0/24 of your clients back to zs client.

    If the internet connection still does not work, you can check the connection log, firewall log on zs client and server to find out where the packets of your clients get lost.
    You can also use tracert on Windows command line to check the route your internet packets are sent to. This also helps to figure out where packets get lost on their way to the internet.

    #52780

    blacklionpt
    Member

    Hi again. I did the traceroute you asked on one of the machines connected to the DHCP part, and it seems that it will stop right at the gateway of the DHCP server on my Local Server (or in other words, doesn’t even reach the VPN).

    I did have as i said in the first post, on the NetBalancer, one rule to redirect all traffic troughs the bounded VPN gateway, should this be done somewhere else instead?

    Since my text description is a bit confusing, i put together a diagram of what i’m trying to do, with almost all the information that is needed to understand the idea!

    http://img442.imageshack.us/img442/2720/f0ub.jpg

    Thank you for your assistance! Only the Internet Access is failing to be archived ๐Ÿ™

    #52781

    m_elias
    Member

    I had a setup pretty much exactly like you are trying once. Off hand I don’t quite remember anymore exactly how I had mine setup but in the end, Zeroshell sends a redundant amount of ACKs up both VPNs to the VPN host which caused my uploads to hit their max before my downloads were maxed out. Also, it did not fail-over nearly as gracefully as I had hoped so now I’m back to just plain ol’ load balancing. Search the forums for “bond” or “vpn bond” and you’ll see a lot of info.

    https://www.zeroshell.org/forum/viewtopic.php?t=3968&highlight=bond

    #52782

    blacklionpt
    Member

    Oh, sorry for re posting in a row, but i finnaly figured it out!

    All i had to do was exacly what TheNanny Said, but i somehow missread! I just needed to add the Bound00 interface on both servers to the NAT, and bam, internet started zapping at 3 Mbps!

    It’s quite stable, and a lot faster than the old Load Balancing metod, even with the now added 35 ms that it takes to the packets to travel to the Remote Server.

    Also, m_elias, i just tried out the fail over, and it made the switch in an instant. As soon as i forced one tunnel to go down, unplugging the cable, it immediately started using the other one alone. If i stop the remote server, it will start the traditional load balancing between my DSLs, maybe the older version was worse than the new one?

    So far this is working very, very nicely! Again, thank you TheNanny for the awesome tips!

    EDIT:
    Ok, i’ve stumbled across some other problem ๐Ÿ™

    I Have a small HTTP Server in my home, which is also connected to the Internet via ZeroShell.

    The Port forward and all went well, but the problem is i can’t make the DNS for the link to loop inside ZeroShell, it will basically end up going to the internet, and coming back.

    I Tried to use DNS Forwarders, wrote the domain, and the IP of the machine connected to ZeroShell, but it doesn’t seem to be redirecting the request!

    What could be wrong here?

    #52783

    m_elias
    Member

    I will have to try again then. I was using 2.0rc1. Otherwise your reports sounds very promising. IIRC there was some talk on the forums about the DNS thing you’re talking about, I forget the exact name for it.

    #52784

    blacklionpt
    Member

    So, i’ve found two treads, but they kinda got me over the top with confusion.

    http://www.zeroshell.net/eng/forum/viewtopic.php?t=1567&highlight=dns
    https://www.zeroshell.org/forum/viewtopic.php?p=7207&highlight=dns

    I don’t quite get what they do here to make this work at all, i tried messing around for hours but i can never make it work ๐Ÿ™

    My Objective is, i have a dyndns address to my main server, and i want to make sure that, whenever a computer inside the network tries to access the link, it loops back to my http server.

    For example:

    If i open in my LAN http://banana.dyndns.org, it should redirect for, lets say, 192.168.2.68.

    In ClearOS this as easy as going to the DNS area, and add a new DNS rule, with the link i want and the IP i want.

    What steps do i have to do in order to accomplish this?

    I Have to do this, because none of my routers can make a loopback on it’s own, nor my remote router ๐Ÿ™

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.