1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Load Balanced Gateway with Private Internet Access

Load Balanced Gateway with Private Internet Access

  • S

    I've been running a load balanced gateway with multiple connections to different PIA servers for a while. I decided to do some tests on speedtest.dslreports.com to see what combination of servers got the best speed test results. I figured I'd share my results. Some tests were run multiple times, and in those cases, I recorded the best result for upload or download.

    DISCLAIMER: Results not guaranteed. Your mileage may vary. See your doctor if your erection lasts more than four hours.

    Connection: Gigabit fiber via AT&T
    All clients configured with UDP, port 1197, AES-256-GCM

    c7548619-e81c-4e41-b029-94a5055e7520-image.png

    0
  • Netgate Steve

    Wow, that's impressive!

    Do you have a link to a "how to" for such a setup?

    I have been struggling to get multiple load balanced connections working on PIA and so far have failed miserably.

    0
  • S

    Heh. I figured someone would probably ask for a How To. I feel like I'm sure to forget something, but here's off the top of my head quickly while I'm on my lunch break.

    -Configure a new OpenVPN client for each PIA server you want to use (up to 5 or 10 depending on your account) - I won't go into details here, as the guides provided by PIA are pretty easy to follow.
    -Assign an interface to each VPN client
    -Configure Manual Outbound NAT for LAN to each VPN address
    -Create a gateway group containing all of the VPN interfaces
    -Change your 'Default allow LAN to any' firewall rule to use the gateway group as its gateway under Advanced settings
    -Under General setup, only include the two PIA DNS servers for DNS
    -Under DNS Resolver, Outgoing interfaces, select LAN and all VPN interfaces (Make sure WAN isnt't selected)

    I recommend using only US based servers for the gateway so you don't have to manually configure rules for any sites that are region-restricted to the US. Some sites won't allow you to connect from a VPN at all, so you will have to create rules for those to bypass the PIA gateway and use WAN instead. For these, I have an alias called NOVPN and I just add any sites necessary to that alias, and I have a single firewall rule under LAN so that anything that matches uses WAN as the gateway.

    0
  • Netgate Steve

    Thanks. I'll give that a try and let you know how it goes.

    0
  • Netgate Steve

    That worked for me. Thanks

    I was very close but I had not changed the firewall rule to use a gateway group.

    Much obliged..

    0
  • S

    I should have mentioned that the tests above were performed with an i5-680. I just upgraded to a 4690K overclocked to 4.5GHz and I'm getting even faster results now. With all but #6 enabled, my results were 594 down, 776 up. The upload test peaked at over 900Mbps.

    0
  • S

    Some results with the 4690K. After a while of repeatedly switching servers, I started having problems running the test.

    edit Results updated and sorted by number of servers (smallest to largest), then download speed (largest to smallest).

    b5536258-f69f-4a59-99a5-faecde971092-image.png

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy