Routing & Load Balancing



  • We have been using OpenVPN for a number of years and it has worked out great. Now we are interested in using the load balancing feature to utilize two Verizon Fios links. I have OpenVPN set up on two different servers. One server is on the 1st Fios circuit and the other is on the 2nd Fios circuit. The load balancing works great and is randomly choosing between the two servers, which is great.

    My problem is being able to hit these tunnels from our internal network. Before, we just put a route on our proxy server to direct all traffic destined to "10.130.0.0" to go to the server hosting the tunnel. Now that we are using two different servers, we can't just use a route on the proxy server because the proxy server has no way to determine which server the client chose randomly. Does anyone know of a solution to this issue? I would like to be able to hit any of these tunnels from our internal network. Any suggestions or ideas are greatly appreciated. Thanks for any help provided. Happy Holidays!!



  • I have spent the last 2 days on this forum and the OpenVPN forums without any progress. I can't believe this question hasn't come up. All I can seem to dig up is people having issues with clients accessing the LAN. Since all of our clients are Linux machines, I need to be able to hit the clients from our LAN. This was no big deal with just one OpenVPN server because we could route everything containing to "10.130.0.0" through the OpenVPN server using our proxy. Now that we are going to use two servers, there seems to be no easy way to do this.

    Does anyone know if pfSense is capable of performing this? I want to have two OpenVPN servers, each one connected to a different WAN, then use OpenVPN load balancing to randomly select which server to connect to. Since this is random, we have no way to tell which client is connected to which server without getting on the OpenVPN server. I want to be able to ssh to the client's OpenVPN IP from our LAN. Any suggestions are greatly appreciated.

    Thanks,
    Adam

