Load Balanced Gateway with Private Internet Access

SeaMonkey

I've been running a load balanced gateway with multiple connections to different PIA servers for a while. I decided to do some tests on speedtest.dslreports.com to see what combination of servers got the best speed test results. I figured I'd share my results. Some tests were run multiple times, and in those cases, I recorded the best result for upload or download.

DISCLAIMER: Results not guaranteed. Your mileage may vary. See your doctor if your erection lasts more than four hours.

Connection: Gigabit fiber via AT&T
All clients configured with UDP, port 1197, AES-256-GCM

Netgate Steve

Wow, that's impressive!

Do you have a link to a "how to" for such a setup?

I have been struggling to get multiple load balanced connections working on PIA and so far have failed miserably.

SeaMonkey

Heh. I figured someone would probably ask for a How To. I feel like I'm sure to forget something, but here's off the top of my head quickly while I'm on my lunch break.

-Configure a new OpenVPN client for each PIA server you want to use (up to 5 or 10 depending on your account) - I won't go into details here, as the guides provided by PIA are pretty easy to follow.
-Assign an interface to each VPN client
-Configure Manual Outbound NAT for LAN to each VPN address
-Create a gateway group containing all of the VPN interfaces
-Change your 'Default allow LAN to any' firewall rule to use the gateway group as its gateway under Advanced settings
-Under General setup, only include the two PIA DNS servers for DNS
-Under DNS Resolver, Outgoing interfaces, select LAN and all VPN interfaces (Make sure WAN isnt't selected)

I recommend using only US based servers for the gateway so you don't have to manually configure rules for any sites that are region-restricted to the US. Some sites won't allow you to connect from a VPN at all, so you will have to create rules for those to bypass the PIA gateway and use WAN instead. For these, I have an alias called NOVPN and I just add any sites necessary to that alias, and I have a single firewall rule under LAN so that anything that matches uses WAN as the gateway.

Netgate Steve

Thanks. I'll give that a try and let you know how it goes.

Netgate Steve

That worked for me. Thanks

I was very close but I had not changed the firewall rule to use a gateway group.

Much obliged..

SeaMonkey

I should have mentioned that the tests above were performed with an i5-680. I just upgraded to a 4690K overclocked to 4.5GHz and I'm getting even faster results now. With all but #6 enabled, my results were 594 down, 776 up. The upload test peaked at over 900Mbps.

SeaMonkey

Some results with the 4690K. After a while of repeatedly switching servers, I started having problems running the test.

edit Results updated and sorted by number of servers (smallest to largest), then download speed (largest to smallest).