ZS as Multi Open VPN client – Multi WAN – VPN Load Balance

Home Page Forums Network Management VPN ZS as Multi Open VPN client – Multi WAN – VPN Load Balance

This topic contains 5 replies, has 0 voices, and was last updated by  Jam 4 years, 10 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #43742

    Jam
    Member

    Hi – I am setting Up ZS as Multi Open VPN client to connect an OpenVPN server over the internet with VPN Bonding to gain Load balancing over VPN connections.


    Scenario is:

    1- ZS machine is up-linked with 05 WAN interfaces ended at 05 TPlink Routers which are installed 05 3G EVDO USB.
    2- ZS Machine is configured 05 LAN-LAN OpenVPN clients, each routed by a separate GW. (The IP address of Each TPlink router where each TPlink is at ETH00 to ETH04). All 05 clients connects to single remote VPN Server. (client settings: UDP:80 , Dev:TAP) with different certificates. VPN interfaces are UP.
    3- All 05 VPN interfaces are added as BOND00.
    4- BOND00 is Bridge with ETH-08 as BRIDGE00.
    5- 08 Work Stations are plugged into a switch which is connected with ETH-08. Each Workstation has a manually configured Public IP address awarded by VPN provider.
    6- The ZS firewall is default and no entries are made in it.
    7- In ZS netbalancer 05 Gateways are added.

    Requirement:

    1- The traffic of Workstations should go through VPN tunnels in Load Balance fashion.

    Problem:
    1- Work station is unable to access internet or Ping its Gateway IP address.
    2- I am not known with Firewalls rules well, please help if I am missing something in firewall rules.

    Thanks.

    #52903

    Jam
    Member

    any of my friends who could help me —

    #52904

    m_elias
    Member

    @jam wrote:

    5- 08 Work Stations are plugged into a switch which is connected with ETH-08. Each Workstation has a manually configured Public IP address awarded by VPN provider.

    If you want ZS to load balance via the VPN BOND then I think you need each workstation to get a local IP from ZS and use ZS as your default gateway. ZS then needs to NAT all your traffic through the BOND interface, so I believe it needs to be NAT’d. Is ETH08 ZS’s default/main interface? Do you have a DHCP server active on ETH08?

    @jam wrote:

    7- In ZS netbalancer 05 Gateways are added.

    With Bonded VPN connections, I believe the BOND does the load balancing so netbalancer should be turned off.

    #52905

    Jam
    Member

    hi elias – the ETH08 is bridge wtih VPN Bonded interface to route the clients traffic through VPN to VPN server. The ZS management interface is ETH00 (which is also the LAN interface of other computers connected with it).

    Internet traffic from my LAN interface to internet successfully pass through in round robin load balance mode.

    But traffic from the clients which is supposed to have VPN IP addresses does not pass to the internet using bridge interface BRIDGE (ETH08,BOND00).
    where BOND00 composite of VPN00+VPN01 interfaces.

    Further, for the diagnostic purpose & making the scenario simple, if I remove the Bond interface and Bridge only ETH08 & VPN00 interface , still no VPN traffic goes to internet.

    Any advise. Thanks.

    #52906

    redfive
    Participant

    At least , some info about the other side of the vpn tunnel are needed ,but , for make it simple…..just for example… if you want that an host connected to the eth00 (member of the bridge00 , togheter with the vpn00) can surf the web via the vpn tunnel , the default gateway of that host must be “somewhere” after the vpn-server (or even directly the vpn server itself) , on the other end of the vpn tunnel.
    greetings

    #52907

    Jam
    Member

    Needs to add the routing for destination networks. Run RIP at Bond interfaces and Add routes at server end will populate client side with routes.

    A good product.

    #52908

    mahawish
    Member

    helloo… can anyone help in my project . i wanna to enable the ports of 3cx phone in zeroshell. how it is posible?

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.