Load Balance OpenVPN Site-to-Site
-
in the ospf webgui, are all tunnel-interfaces selected on both ends ?
if yes, then you should see in the ospf status that multiple routes are being added for the same destination.
Look for the costs of all the routes, if you want loadbalancing the cost should be equal for the same route to the other side.
if you dont specify any metric one will be assigned automagically, a low metric causes low cost … a high metric generates a high cost.
costs have to be the same over both tunnels to achieve balancing.
if costs are different then the lower one will be the preferred way ... thus you achieve failover -
On each side both interfaces are selected. In the status tab under "OpenOSPFd FIB" I see:
Destination Nexthop Path Type Type Cost Uptime
10.0.0.1 10.1.1.10 Intra-Area Router 10 04:23:45
10.0.0.1 10.1.1.6 Intra-Area Router 10 04:23:45But again everything is routed through 10.1.1.10.
I just stumbled upon this http://forum.pfsense.org/index.php/topic,24436.msg126273.html post, do you think I can implement that in this case to load balance the two vpn tunnels?
-E -
I ended up using a combination of your advice and the forum (http://forum.pfsense.org/index.php/topic,24436.msg126273.html).
I setup the two tunnels as you suggested (with the routes added). Then assigned them Interfaces and static IPs.
Grouped them in a gateway group and made firewall rules to use that gatewaygroup. I added the allow all rules on the rules for those interfaces and everything works great.
I can start 2 simultaneous transfers from Site A to B and the WAN traffic graphs show both being utilized.
Thanks again for all the help,
-E -
Sorry to mingle myself in this thread.
I am trying to set this up for 3 sites, all 3 with 2 wan connections.
I have no trouble to set up the openvpn tunnels, without entering ip subnet details.
However, I am having trouble setting up interfaces for the tunnels. Do I need to enter ip address? Or do I set the interface type to none?If I set the interface type to none, ospf doesn't seem to start.
If I set up ip addresses, ospf starts, but no traffic is routed through the openvpn tunnels.Any kind of help will be greatly appreciated!
-
When I used ospf I set the interfaces to static with the correct ip and created a gateway for that interface with the gateway ip being the ip address of the opposite site. I did this on both ends of the tunnel.
-Eytan -
Eytan,
thanks for the quick reply.
So if my tunnel network is 10.10.41.0/30, my server gets 10.10.41.1 and my client 10.10.41.2.
I assign an interface on the server side with 10.10.41.1 as the ip and 10.10.41.2 as the gateway.
The interface on the client side gets 10.10.41.2 with gateway 10.10.41.1.I will try this tomorrow.
Thanks for the advice!
-
I tried all the combinations of the following posts but no success Huh
http://forum.pfsense.org/index.php/topic,24436.msg126273.html
http://forum.pfsense.org/index.php?action=printpage;topic=39328.0I have 2 openvpn tunnels. I have gateway group. But the traffic goes to one of them and not balanced Huh
Is there anyone who managed this to tell me the recipe? I worked on this scenario about 10 hours but I didn't manage to succeed the desired result.
-
Do you have the lan rules in place that specify the group as the gateway?
If so, test that when you disable tunnel A traffic goes through tunnel B, and vice-versa.
The best way to test load balance is to create multiple simultaneous connections across the tunnels.-E
-
I tried to transfer files simultaneously from two pc from the one site to the other and the traffic goes through the one openvpn connection. Failover works with about 10 lost packets during the change. But load balance is not working.
-
What is your setup? Are you using ospf or the gateway group?
-
I tried every combination. OSFP. Gateway group. Gateway group AND OSFP.
One try had the result the one site to work from the one ιinteface and the other site from the other but nor this is what I want.