J1900 dual wan performance
-
@stephenw10 I have
WAN1 Tier 1
WAN2 Tier 1 GW-WAN
VPN1 Tier 1 GW-VPN
VPN2 Tier 2
Both VPNs have GW-WAN as their interface.
Are you saying this is wrong?
-
Yes, you should put each VPN client on a specific gateway otherwise they may easily end up using the same WAN. There is only ever one connection from each VPN client so they cannot load-balance each tunnel.
Steve
-
@stephenw10 but I am using two ExpressVPN access points in a failover. Are you saying the issue is with using OpenVPN with such a failover, or with OpenVPN using the WAN with load balancing? Sorry dude, treat me like a baby.
-
We can't see which interfaces or gateway groups the VPN clients themselves are using.
However, since you look to be running the two VPN clients in a failover group, only one will be carrying any traffic. And since that one client is a single connection, it can only ever use one WAN at a time.
If you want to get the highest VPN throughput you need the two VPN clients in a load-balance gateway. And you need the clients themselves to be set to a specific WAN gateway so both are used.
Steve
-
@stephenw10 so I reconfig'd to
default router -> WAN1_Failover
(was load balanced - I read this was not a valid config, next time I should RTFM)
VPN1 -> WAN1_failover
VPN2 -> WAN2_failover
VPN_GW -> VPN1 T1, VPN2 T2
But the bottom line is, VPN_GW doesn't really do me any good then, because I don't get to maximize bandwidth. I am better to assign the profile routing to VPN1 or 2 depending on whether the service is more upload or download hungry to utilize the two wan connections the best.
Thanks. I think my knowledge has increased from catastrophic, to only dangerous
-
To use both VPN tunnels you need to set the VPN_GW group as load-balance, both VPNs as the same tier. Right now it's failover so clients routed to it will only use one tunnel, even if there are a lot of clients and a lot of connections.
Steve
-
@stephenw10 last time I tried that, ExpressVPN didn't seem to like going through two different access points at the same time. I will try again and if it is still an issue, probably get a backup VPN provider.
-
Mmm, they have to allow you to connect with two clients at the same time. I have no idea if they do. I know some providers allow that.
-
@stephenw10 the problem is not getting two connections, that I have as a hot failover.
If I set the VPN GW services in load balancing, I start to get the below errors.
There were error(s) loading the rules: /tmp/rules.debug:534: sticky-address cannot be redefined - The line in question reads [534]: pass in quick on $VLAN_27_MEDIA $GWGW_GRP_WAN inet proto { tcp udp } from any to ! $LAN_LOCAL_ALL port $PORTS_WAN_GAMING tracker 1572529018 keep state label "USER_RULE: Pass WAN_PSN Ports"
The error goes away if I revert to failover. I did ask once, and they said it is not supported to have the two connections in load balance. Although they let you have 5 connections in total.
I get a 30% performance hit with them anyway, so I am thinking to try protonvpn anyhow.
-
That's a pfSense error though, nothing to do with ExpressVPN. If you are NATing out of those VPN gateways, ExpressVPN wouldn't have any idea you were load-balancing anyway.
What is GW_GRP_WAN?
It looks like that traffic would not be via the VPN, no?
Steve
-
@stephenw10 that was WAN_loadBalance. I changed it to the VPN_loadbalance and the error is gone and VPN load balance appears to be working.
So I have
VPN_Balance / VPN1_failover -> WAN1_Failover
            \ VPN2_failover -> WAN2_Failover
WAN_Balance / WAN1_failover
            \ WAN2_failover
default_route -> WAN1_failover
all seems to be working now.
Thanks for all the help
-
Ok, great, that's what I would expect to need there.