Multiple PPTP WAN load-balancing, combining the outbound speed



  • What an interesting, complex problem!

    Our second office is located in a place,
    where ISPs only provide slow unlimited Internet
    traffic with speed not more than 128 Kbps.
    So, our office is now connected that way:
    We have bought several unlimited internet logins, 128Kbps each (VPN - pptp).
    and use a bundle of route rules.

    I tested the vpn connectivity to pptp server on main office, it worked.
    Note that we didn't buy an external IP-addresses from our ISP (ISP does NAT for us).
    So, our ISP doesn't block GRE,
    and even such a complex thing -  "pptp through NAT over pptp" works, but the speed is
    128kbps.

    Since GRE is not port-based, and all our connections have the same IP-address (ISP's
    NAT server), I'll try a pfSense to send GRE packets to our main VPN server over the
    Internet over all our ISP's connections in round-robins style, to combine their
    speed. It will probably combine ONLY outbound speed of our channels, but it is better
    than nothing.

    Does this "outbound speed combining solution" seem to work, and possible with pfSense?

    AFAIK pfSense currently support just one(not more) pptp vpn interface as WAN.
    Also, I was told in mail-list:

    Is there a workaround to connect all 8 pptp connections
      from pfSense simultaneously?

    "Not a good one. 8 installs could do it, then put one install inside
    those 8 installs to balance between them. If you can use a cheap NAT
    device of some sort on 7 of them, connect the NAT devices to 7 pfSense
    interfaces, and use one on pfSense's WAN, then it'll work.

    Only way PPTP on multiple WANs will ever get implemented is if you can
    contribute code or someone else can in the future.  None of the
    current developers have PPTP Internet connections."

    Questions:

    • Is it possible to run 9 virtual machines on a computer,
        8 of them will run pfSense and connect to PPTP VPN,
        9th pfSense will load-balance between these 8 pfSenses?
    • Is yes, which Virual Machine-software with network-between-VMs
        feature do you recommend to use?
    • Is it possible to write a non-standard rule fo PF,
      which will round-robin only ooutbound GRE packets,
      and to add it (how?) to the pfSense configuration?


  • Sounds like you would be a good test candidate for the new multi-everything code Ermal is working on right now, which will let you setup however many PPTP WANs that you have. It's not ready for public consumption yet though, once 1.3 snapshots are available it might be possible. Not sure when that will be.



  • OK!
    How to test a snapshot build?



  • Also if the ISP is small enough you may be able to get MLPPP support from them. Then use mp5 to configure those 8 connections to look like a single WAN port to pfsense.

    Sorry I'd test it but a little strapped for cash right now. Need a month of business class to test it out on my dual dsl connections. (Donations anyone :P)



  • Support for this is committed to 1.3 please grab a snapshot and test it.


Log in to reply