Netgate Discussion Forum
    How to distribute connections between two wan-ip interfaces

      wesleylc1 Rebel Alliance @dotdash

      @dotdash
      How to validate if the customer connected to "vpn2.company.com.br", after including the parameter in .config.OVPN?

        dotdash @wesleylc1

        @wesleylc1
        If you are running a single openvpn server, I think you would need to check the state table to see which connection clients came in on.

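The state-table check suggested in the reply above, as an added example that is not part of the thread: it counts distinct client addresses per local WAN address for inbound OpenVPN states. It assumes IPv4, UDP port 1194, and the one-state-per-line layout of `pfctl -ss` described in the comments; the interface names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: count inbound OpenVPN clients per local (WAN) address.
# Assumed input, one state per line as printed by `pfctl -ss`:
#   IFACE PROTO LOCAL_IP:PORT <- REMOTE_IP:PORT   STATE
# Protocol and port are arguments; udp/1194 below is an assumption.

count_clients_per_wan() {
    # $1 = protocol, $2 = listening port; state lines are read from stdin.
    awk -v proto="$1" -v port="$2" '
        $2 == proto && $4 == "<-" {
            n = split($3, dst, ":")
            if (n != 2 || dst[2] != port) next    # IPv4 "addr:port" only
            split($5, src, ":")
            # Count each remote address once per local address, so a
            # client holding several states is not counted twice.
            key = dst[1] SUBSEP src[1]
            if (!(key in seen)) { seen[key] = 1; clients[dst[1]]++ }
        }
        END { for (ip in clients) print ip, clients[ip] }
    ' | sort
}

# Constructed sample using documentation address ranges.
sample_states() {
    cat <<'EOF'
igb0 udp 203.0.113.10:1194 <- 198.51.100.7:40211       MULTIPLE:MULTIPLE
igb0 udp 203.0.113.10:1194 <- 198.51.100.9:51820       MULTIPLE:MULTIPLE
igb1 udp 192.0.2.20:1194 <- 198.51.100.44:33012       MULTIPLE:MULTIPLE
igb1 udp 192.0.2.20:1194 <- 198.51.100.44:33012       MULTIPLE:MULTIPLE
igb0 tcp 203.0.113.10:443 <- 198.51.100.7:50000       ESTABLISHED:ESTABLISHED
igb1 udp 192.0.2.20:40000 -> 198.51.100.53:53       MULTIPLE:SINGLE
EOF
}

# Prints one "WAN_IP client_count" line per local address.
sample_states | count_clients_per_wan udp 1194
# On the firewall itself: pfctl -ss | count_clients_per_wan udp 1194
```

Running it at intervals and comparing the per-address counts shows how unevenly clients land on each WAN address over time.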
          wesleylc1 Rebel Alliance @dotdash

          @dotdash
          According to the image, this client connected to WAN2-IP, after including "remote-random" in config.OVPN.
          But is it possible to validate clients by accessing the two WAN interfaces in a balanced way?

          Captura de tela de 2020-04-01 19-12-01.png

            wesleylc1 Rebel Alliance @wesleylc1

            @wesleylc1 said in How to distribute connections between two wan-ip interfaces:

            @dotdash
            According to the image, this client connected to WAN2-IP, after including "remote-random" in config.OVPN.
            But is it possible to validate clients by accessing the two WAN interfaces in a balanced way?

            Captura de tela de 2020-04-01 19-12-01.png

            According to this other image, it is possible to identify that the same client made a connection using WAN1-ip, randomly, but during this connection there were few clients connected, compared to the moment of the first image.

            Captura de tela de 2020-04-01 21-52-51.png

              dotdash

              The remote-random option only randomizes the server order on the client side. It is never going to work in any sort of balanced or intelligent way. You could look at a front end load balancer, but that is beyond the scope of this topic, or this forum.

                wesleylc1 Rebel Alliance @dotdash

                @dotdash
                I understand that, at this point, it may be a random solution, but I want a solution that works intelligently as a load balancer between the two WAN interfaces. Do you think a new topic should be opened for that matter?

                  wesleylc1 Rebel Alliance @Rico

                  @Rico said in How to distribute connections between two wan-ip interfaces:

                  Hmm I never tried with (Open)VPN and maybe it's kind of shoddy....you could also round robin your DNS (target IPs).

                  Dear @rico, I didn't understand your interaction, can you try to explain to me what can be bad about using DNS to the destination IPs?

                    dotdash

                    Round robin DNS is simply adding both IPs to the DNS record. It is no more sophisticated than using the remote-random option. If you want something more intelligent, I would suggest an actual load balancer. I believe Kemp still has a free version available. I'd look into something like that, because it seems you will not be happy with the fairly crude methods available directly in OpenVPN.

                      wesleylc1 Rebel Alliance @dotdash

                      @dotdash
                      Do you believe that load balancing is possible with HAProxy?

                        dotdash

                        HAProxy doesn't work with UDP. You could possibly switch to TCP (and reduce performance for your clients) and hack something together. I don't know. You could ask in the packages section, but ultimately I do not think it will be satisfactory. In my opinion, you can just go the easy and ugly way with remote-random, or get an actual load balancer and do it right.

                          wesleylc1 Rebel Alliance @dotdash

                          @dotdash According to your answer, using HAProxy would not be the best option for my scenario, as stated, I would have to use TCP on HAProxy and submit myself to reduce the performance of my clients, and that is not what I want to apply.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.