Multiple, balanced OpenVPN client connections, one WAN

  • My VPN provider allows several concurrent connections to their service.
    They have 3 UK servers, but there is no single one which has consistently high throughput (I.E sometimes they drop my 100Mbps connection to 15-20Mbps) - presumably because they are over-utilised.
    However, out of the 3, at least one always seems to provide >85Mbps. When using a local client software for the connection, it's no big deal to connect to each in turn and run a quick speed test to see which is best to use.
    However, when I finally move the OpenVPN client handling over to my pFsense box, it will be much more hassle (not to mention impossible for anyone in the house apart from me) to change connections.

    What I'm wondering is:

    Can I connect to each client at the same time, over one physical WAN connection, and have pFsense regularly check which is the fastest server, and route all traffic over that one? Or alternatively, balance traffic over all 3 so that I always get the fastest available connection?

    For more clarity (hopefully) here is a picture!


    it's not a problem to setup multiple openvpn-clients on pfsense.

    it's also possible to get them into a group and do a loadbalancing.

    but i don't know if it's possible to setup that will check the throughput.
    The load-balancing can check the pings and packet-loss and will adjust the group as configurd. I'm not aware of any mechanism that will do what you want to do.
    So how does the load balancing actually work then? If I set up 3 VPN connections and put them all in a group with equal priority, what would this mean for throughput?

    Assuming: + My WAN is 100% stable at 100Mbps,
                    + Each VPN server is capable of providing me with 100Mbps,
                    + My hardware can easily maintain 3 VPN connections with 100Mbps traffic.

    Does load balancing work like this:

    • All 3 VPN's connected - I get 33.334Mbps from each connection.
    • One server goes down / gets overloaded - I get 66.667Mbps total D/L speed.

    OR like this:

    • I get my 100Mbps, but it uses whichever VPN connection it likes.
    • One server goes down / gets overloaded - I still get 100Mbps D/L shared between the remaining 2 connections.

    If the second case is true then this is exactly what I'm after!

  • the second one is what will happen.
    in reality with all of them put into the same tier while creating the loadbalancer:
    it will just split the requested traffic through all of the VPN-Connections.
    So, if you have 3 VPNs - they will each get 33.33Mbits (1/3 of 100Mbit)
    if one of them shuts down, the traffic will be shifted to the remaining two, resulting in 2x 50Mbits
    again one goes offline -> 1 VPN with 100% of 100Mbit

  • I am trying to do something similar, I have been following this guide –>

    I have got 4 openvpn clients configured and they all connect correctly, I want to load balance them. The problem is that they all have the same gateway and I can only configure one gateway on PFsense with this address. Is there away around?


  • This might help some of the wrestling with config.

