How to distribute connections between two wan-ip interfaces
-
@wesleylc1
If you are running a single openvpn server, I think you would need to check the state table to see which connection clients came in on. -
@dotdash
According to the image, this client connected to WAN2-IP, after including "remote-random" in config.OVPN.
But is it possible to validate clients by accessing the two WAN interfaces in a balanced way? -
@wesleylc1 said in How to distribute connections between two wan-ip interfaces:
@dotdash
According to the image, this client connected to WAN2-IP, after including "remote-random" in config.OVPN.
But is it possible to validate clients by accessing the two WAN interfaces in a balanced way?According to this other image, it is possible to identify that the same client made a connection using WAN1-ip, aleratorically, but during this connection there were few clients connected, compared to the moment of the first image.
-
The remote-random option only randomizes the server order on the client side. It is never going to work in any sort of balanced or intelligent way. You could look at a front end load balancer, but that is beyond the scope of this topic, or this forum.
-
@dotdash
I understand that, at this point, it may be a random solution, but I want a solution that works intelligently as a load balancer between the two WAN interfaces. Do you think a new topic should be opened for that matter? -
@Rico said in How to distribute connections between two wan-ip interfaces:
Hmm I never tried with (Open)VPN and maybe it's kind of shoddy....you could also round robin your DNS (target IPs).
Dear @rico, I didn't understand your interaction, can you try to explain to me what can be bad about using DNS to the destination IPs?
-
Round robin DNS is simply adding both IPs to the DNS record. It is no more sophisticated than using the remote-random option. If you want something more intelligent, I would suggest an actual load balancer. I believe Kemp still has a free version available. I'd look into something like that, because it seems you will not be happy with the fairly crude methods available directly in OpenVPN.
-
@dotdash
Do you believe that load balancing is possible with HAProxy? -
HAProxy doesn't work with UDP. You could possibly switch to TCP (and reduce performance for you clients) and hack something together. I don't know. You could ask in the packages section, but ultimately I do not think it will be satisfactory. In my opinion, you can just go the easy and ugly way with remote-random, or get an actual load balancer and do it right.
-
@dotdash According to your answer, using HAProxy would not be the best option for my scenario, as stated, I would have to use TCP on HAProxy and submit myself to reduce the performance of my clients, and that is not what I want to apply.