3 VPN load-balanced connections in dual failover WAN?
I'd like to create three load-balanced VPN connections (I'm looking at AirVPN; it permits up to five simultaneous connections).
But this load-balanced group should go through a dual WAN in failover mode (two internet connections).
Is it possible?
I posted an almost identical setup to what you are looking for in response to another user here.
Hopefully it makes sense if you are familiar with...
Create/Assign Interfaces and the Gateway Groups page at "System -> Routing -> Gateway Groups".
I saw another post yesterday about the secondary WAN not reverting back to the principal WAN when reconnected, and someone offered a script to solve it. I need to find it again in order to link to it. Will update if I find, test and confirm that it works to fix the problem.
Hope this is useful.
Main WAN connection = DHCP with 3 VPN clients sharing traffic. Any failing VPN is dropped and the load is shared over the remaining two. (Redundancy between VPNs)
Pull WAN cable => connection fails over to LTE wireless and the VPNs re-establish their connections. It takes a couple of minutes, but it works.
Reconnect WAN cable => DHCP connection always comes up, but it doesn't always switch back from LTE to PPPoE.
5 interfaces assigned:
- WAN_DHCP - Vendor A : Monitor 184.108.40.206
- VPN1 - At Vendor B - server X, port 80 : Monitor 220.127.116.11
- VPN2 - At Vendor B - server Y, port 443 : Monitor 18.104.22.168
- VPN3 - At Vendor B - server Z, port 1194 : Monitor 22.214.171.124
- WAN_LTE - Vendor C : Monitor 126.96.36.199
All are "UP"
System -> Routing -> Gateway Groups
VPN_GROUP => VPN1 (Tier 3) + VPN2 (Tier 3) + VPN3 (Tier 3), Trigger Level = Packet Loss or High Latency
WAN_GROUP => WAN_DHCP (Tier 1) + WAN_LTE (Tier 5), Trigger Level = Member Down
Firewall -> Rules -> add pass rules for internet traffic using the "VPN_GROUP" gateway
System -> Routing -> select Default Gateway IPv4 = "WAN_GROUP"
System -> Package Manager -> Service Watchdog -> added all VPN clients + dpinger Gateway Monitoring Daemon + DNS Resolver (not sure if this is necessary, but I thought it useful to ensure the service watchdog was watching those services that are likely to be impacted by switching WAN gateways).
@why In the end it's more or less the same setup that I did.
I started from the nguvu guide and adapted it to dual-WAN failover.
Until now (fingers crossed), in all the tests I did the WAN switch always worked (but I had to remove the persist-tun option, otherwise the VPN connections didn't change WAN).
Two things: now the VPN gateways' monitored IPs are the gateways themselves, and I have a different tier numbering:
- wan failover: wan1 is tier 1 and wan2 is tier 2
- vpn balancing: all in tier 1
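The two posts above use different tier numbers for the same design (3/3/3 and 1/5 in the first, 1/1/1 and 1/2 in the second). As an added example that is not part of the original thread or of pfSense itself, the Python below models the gateway-group rules pfSense documents: the trigger level decides which dpinger states count as a failed member, the surviving members of the lowest-numbered tier carry the traffic, and members sharing a tier are load balanced. The status strings follow pfSense's internal gateway states ("online", "loss", "delay", "down"); the monitor-state sets fed in are constructed for the example. Running it shows that both tier numberings select identical gateways in every scenario, and that a "Member Down" trigger on WAN_GROUP will not fail over on packet loss alone.

```python
"""Emulate pfSense gateway-group member selection for the groups in this thread.

Added example for this page, not pfSense code.  Models the documented rules:
a group's trigger level decides which dpinger states count as a failed member;
the surviving members of the lowest-numbered tier carry the traffic; members
that share a tier are load balanced.  Status strings mirror pfSense's internal
gateway states; the state sets below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Status set each trigger level treats as "member failed".  "Member Down"
# ignores loss/latency, so a lossy WAN_DHCP would NOT hand traffic to WAN_LTE.
TRIGGERS = {
    "Member Down": {"down"},
    "Packet Loss": {"down", "loss"},
    "High Latency": {"down", "delay"},
    "Packet Loss or High Latency": {"down", "loss", "delay"},
}


@dataclass(frozen=True)
class Member:
    name: str
    tier: int  # 1 = most preferred ... 5 = last resort


def active_members(members: List[Member], trigger: str,
                   status: Dict[str, str]) -> List[str]:
    """Names of the gateways currently carrying traffic for a group.

    A gateway with no monitor entry is treated as down.  Returns the sorted
    members of the lowest tier that still has a healthy member; several names
    means traffic is shared between them, an empty list means no member of the
    group is usable.
    """
    failed = TRIGGERS[trigger]
    healthy_by_tier: Dict[int, List[str]] = defaultdict(list)
    for m in members:
        if status.get(m.name, "down") not in failed:
            healthy_by_tier[m.tier].append(m.name)
    if not healthy_by_tier:
        return []
    return sorted(healthy_by_tier[min(healthy_by_tier)])


# Second post's groups (tiers 3/3/3 and 1/5) ...
VPN_GROUP = [Member("VPN1", 3), Member("VPN2", 3), Member("VPN3", 3)]
WAN_GROUP = [Member("WAN_DHCP", 1), Member("WAN_LTE", 5)]
# ... and the third post's numbering (all VPNs tier 1, WANs tier 1/2).
VPN_GROUP_ALT = [Member("VPN1", 1), Member("VPN2", 1), Member("VPN3", 1)]
WAN_GROUP_ALT = [Member("WAN_DHCP", 1), Member("WAN_LTE", 2)]


def evaluate(status: Dict[str, str], vpn: List[Member] = VPN_GROUP,
             wan: List[Member] = WAN_GROUP) -> Dict[str, List[str]]:
    """Evaluate both groups with the trigger levels used in the thread."""
    return {
        "VPN_GROUP": active_members(vpn, "Packet Loss or High Latency", status),
        "WAN_GROUP": active_members(wan, "Member Down", status),
    }


def same_selection_for_both_numberings(status: Dict[str, str]) -> bool:
    """Tier numbers are ordinal only: 3/3/3 + 1/5 selects like 1/1/1 + 1/2."""
    return evaluate(status) == evaluate(status, VPN_GROUP_ALT, WAN_GROUP_ALT)


# Constructed monitor states for the situations described in the thread.
# In WAN_CABLE_PULLED the VPN states are those after the tunnels have
# re-established over LTE, as the second post describes.
ALL_UP = {"VPN1": "online", "VPN2": "online", "VPN3": "online",
          "WAN_DHCP": "online", "WAN_LTE": "online"}
VPN2_LOSSY = dict(ALL_UP, VPN2="loss")
WAN_CABLE_PULLED = dict(ALL_UP, WAN_DHCP="down")
WAN_DHCP_LOSSY = dict(ALL_UP, WAN_DHCP="loss")

if __name__ == "__main__":
    for label, st in [("all up", ALL_UP), ("VPN2 lossy", VPN2_LOSSY),
                      ("WAN cable pulled", WAN_CABLE_PULLED),
                      ("WAN_DHCP lossy", WAN_DHCP_LOSSY)]:
        print(f"{label:17} -> {evaluate(st)}")
```

The WAN_DHCP_LOSSY case is the one worth noticing: with the "Member Down" trigger the group keeps the lossy DHCP gateway, and only a "Packet Loss" trigger would move traffic to WAN_LTE. Whether that is desirable depends on how tolerant the VPN tunnels are of a degraded upstream.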