2 openvpns to hidemyass on one wn

  • Hi all,
    Ive being running pfsense for about a week now with an openvpn into HMA ,
    is it possible to have 2 openvpn session or more connected over the same wan so they load balance the traffic.

    Regards Gazzaman

  • I expect that should work - you would assign an interface to each of HMA1 and HMA2 connections (e.g. they become OPT1 and OPT2). Then make a gateway group "LoadBalance" with OPT1_GW and OPT2_GW both on Tier 1. Then make your LAN rule/s select the traffic you want (most or all of it probably) and policy route it to LoadBalance.
    If your 2 HMA servers are in different places they might feed you back a total traffic greater than any 1 of them.

  • Thanks Phil,
    I have just got from Holiday so I will give this ago once my jetlag as gone away:)

  • Hi Phil,
    no Joy with this. After I set this up I went into the firewall rules and tried to set the advance=> gateway to
    the load blance group but it doesnt show up. any ideas ?

  • Hi Phil I have this setup now I had made a IP6 group instead of an IP4 one
    but it doesnt balance it uses one vpn or the other 
    any ideas

  • Hi Looks like this is working. I sent it up to use 2 different locations and my download speed was faster than my connection speed. but when I look at the traffic info on pfsense it only shows download on one of the links

  • Sounds like you are very close. The LoadBalance group must have both gateways on Tier1. And also you need to run multiple downloads from a few clients to get the "random" balancing of client states to gateways.
    With IPv6 you might also now have the issue that your clients have real public IPs. I don't know how that is supposed to work with multiple WANs. When VPN1 connects you will be delegated some IPv6 address space, which gets passed through to be allocated to clients on LAN/s. The VPN provider knows that that address space is routed down VPN1, so if you send traffic from those clients out to an IPv6 server by some other way (VPN2), the public internet routers are going to send it back to the VPN1 provider and it will pour back to you down VPN1 pipe.
    When VPN2 connects, you get another IPv6 address space allocated. Somehow then the clients can get 2 public IPv6 addresses? And then it would become a client function to decide which public IPv6 address to use as source IP when sending, effectively choosing the ISP/WAN/VPN to use.
    How is that all supposed to work, unless you NAT IPv6 at the firewall-load-balancing-routing device (pfSense) so that pfSense can control what states are routed on what links?
    For that matter, how did we do this with IPv4 many years ago before we hid everything behind NAT?

  • Hi Phil,
    all working now I was expecting it to load balance across both openvpn no matter what I was doing. but it works per session which if fine with me.
    I do get what I would call true load balancing when I use a download manger.
    I have now moved VPN providers to PrivateInternetaccess and have 3 openvpns working in the group. 
    Thanks for your help

Log in to reply