Optimal VPN solution for Dual WAN?

    How can I accomplish this?


    The idea is to make:

    • Site to site VPN.
    • Make a single connection inside the VPN use the full bandwidth of both WAN connections (using Split TCP, Multipath TCP, bonding or technique x?).
    • Make it possible for a Road Warrior to have a VPN connection to both sites and have traffic use the optimal speed/route.


    • The order for "split/bonding" and VPN might not be in optimal/working order.

    • The wan2 and Road Warrior connections are 4G, so they are behind ISP-NAT and can "only do" outbound IPv4 connections. A public IPv6 address might be possible.

    • The DSL connections have public IPv4 addresses and take incoming connections.

    • If the default pfSense cannot do this alone... I am interested to know what open source technology I can add to accomplish this.

    • GRE Tunnel Bonding Protocol https://tools.ietf.org/html/rfc8157 - "Single flow may use the combined bandwidth of the two connections."
    Can this be implemented in pfSense?

    It seems Layer 2 bonding is one solution: "since load balancing in bonding takes places in Ethernet frames, even a single TCP/IP connection will enjoy an increased band thanks to the presence of multiple links."
    https://zeroshell.org/load-balancing-failover/#vpn-bonding
    Can this be implemented in pfSense?

