Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Load Balanced OpenVPN Tunnels

    OpenVPN
    3
    4
    729
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mscaff last edited by

      Hi guys,

      How easy is it to setup a load balanced setup for OpenVPN?

      I currently have a 100Mbit line, only get about 50Mbit through VPN (CPU usage at 30%) - I'd like to consider adding another VPN point to point and load balancing over the two?

      For reference, my current setup:

      • Point to point VPN configured between PF and a remote location, no-pull, few custom options for performance.

      • OpenVPN interface (OVPN_INTERFACE) bound to the point to point VPN service (for lack of a better explanation)

      • Firewall rule (policy route) on LAN outbound specifies any traffic originating from 10.1.1.2, use the default gateway (OVPN_INTERFACE), as well as being tagged NO_WAN_EGRESS

      • Outbound NAT rule on OVPN_INTERFACE, any traffic matching 10.1.1.0/24 will be translated by NAT.

      • Floating point rule on Outbound WAN, any traffic matching tag NO_WAN_EGRESS is dropped.

      –--------------------------------

      Cheers

      1 Reply Last reply Reply Quote 0
      • D
        datdamnmachine last edited by

        @mscaff:

        Hi guys,

        How easy is it to setup a load balanced setup for OpenVPN?

        I currently have a 100Mbit line, only get about 50Mbit through VPN (CPU usage at 30%) - I'd like to consider adding another VPN point to point and load balancing over the two?

        For reference, my current setup:

        • Point to point VPN configured between PF and a remote location, no-pull, few custom options for performance.

        • OpenVPN interface (OVPN_INTERFACE) bound to the point to point VPN service (for lack of a better explanation)

        • Firewall rule (policy route) on LAN outbound specifies any traffic originating from 10.1.1.2, use the default gateway (OVPN_INTERFACE), as well as being tagged NO_WAN_EGRESS

        • Outbound NAT rule on OVPN_INTERFACE, any traffic matching 10.1.1.0/24 will be translated by NAT.

        • Floating point rule on Outbound WAN, any traffic matching tag NO_WAN_EGRESS is dropped.

        –--------------------------------

        Cheers

        Load balancing may not be the answer.  You may want to see if you have a physical, network, or ISP issue first.  First question being:

        Do you have a 100Mbit line on both ends?
        Are the download/upload speeds the same?  If not, what are they on each side?
        What type of speeds do you get if you direct connect a laptop to the each connection and run some basic Internet speed tests?

        1 Reply Last reply Reply Quote 0
        • M
          mscaff last edited by

          100/40 connection - 100/400 speeds off the VPN, about 50/20 through the VPN.

          It's clearly a provider issue - you generally never get an OpenVPN provider that can maintain close to 100Mbit/s downstream.

          –---------------------------------

          What's the next step from here? - anyone know how to load balance OpenVPN tunnels?

          1 Reply Last reply Reply Quote 0
          • P
            pfBasic Banned last edited by

            @mscaff:

            you generally never get an OpenVPN provider that can maintain close to 100Mbit/s downstream.

            Eh, in what part of the world? My VPN provider can max my 150/10Mbps connection on a single thread.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy