
Re: VPN + multilink connection



I think what you might want to look into is a combination of fwmark and
iproute2.

Mark the packets with iptables -j MARK --set-mark X and then route them
using iproute2.

See www.lartc.org

Specifically:
http://www.lartc.org/howto/lartc.iproute2.html
http://www.lartc.org/howto/lartc.netfilter.html
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html

Works nicely here with a little customisation and tweaking.

Regards,

charlie



On Fri, 2005-01-28 at 05:59, Jean-Michel Hiver wrote:
> >You really didn't give a whole layout, I was assuming you were using
> >crossover cables.
> >
> I see - sorry :-)
> 
> Well it would be something like this:
> 
> Box1 (dedicated server)
>    - eth0 -> monster bandwidth, not a problem
> 
> Box2 (home)
>    - eth0 (192.168.1.2)  -> DSL nat router thing 192.168.1.1
>    - eth1 (192.168.1.12) -> DSL nat router thing 192.168.1.11
> 
> Now the big question is: how do I do in order to route VPN traffic 
> through the right gateway? At the moment everything goes to one DSL 
> connection...
> 
> Say I have tap0 going through UDP/8000 and tap1 going through UDP/8001, 
> and my default gateway is $GATEWAY1. What's the simplest way for me to 
> route UDP/8001 traffic through $GATEWAY2?
> 
> I currently use firehol because it's nice and simple. Is it something I 
> can do with firehol?
> 
> If you could let me know how to do this it would be great - I'm stuck 
> on this one :(
> 
> >In any event you will end up using bond or eql (for slow
> >serial links, like if you were using internal DSL cards).  This works
> >for outgoing, without VPN, however for incoming traffic (on the other end)
> >you will most likely need to setup VPN if you need that to be balanced as
> >well.
> >  
> >
> Well yeah, especially since all the data is going to be transferred 
> through one connection and one socket (Asterisk IAX2 VoIP protocol), in 
> this case I'm not sure load balancing works very well without VPN.
> 
> So it seems that multiple tap VPNs bonded together might do the trick 
> nicely. We'll see...
> 
> >Also don't forget to use a shaper, I recommend the wonder shaper to start
> >with.
> >  
> >
> Sure. I think once this is set up I might as well set the server with 
> monster bandwidth as default gateway - this way I can do traffic shaping 
> at both ends of the VPN link.
> 
> There's some fairly good VoIP related traffic shapers on voip-info.org - 
> I'll use them!
> 
> Cheers,
> Jean-Michel.
-- 
============================
Charles Kidson
Systems Administrator
General Pants Group
charlesk@generalpants.com.au
ph 02 9290 0813
fx 02 9299 6485
mb 0428 61 7766
============================
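
Added example (not part of the original message or of the LARTC howto): the fwmark plus iproute2 approach from the reply, applied to the Box2 layout in the quoted message. The mark value 2, the table number 102 and the reading of UDP/8001 as the tunnel's destination port are assumptions; the interface and addresses come from the thread.

```shell
#!/bin/sh
# Policy-route the tap1 tunnel (UDP/8001) out the second DSL link on Box2.
MARK=2            # assumed fwmark value (the "X" in the reply)
TABLE=102         # assumed routing table number
PORT=8001         # tap1 tunnel port, from the thread (assumed to be the destination port)
DEV=eth1          # second interface on Box2, from the thread
SRC=192.168.1.12  # eth1 address, from the thread
GW=192.168.1.11   # second DSL router ($GATEWAY2), from the thread

# Emit the commands one per line so they can be reviewed before being applied.
#  1. The VPN daemon runs on Box2 itself, so the mark is set in mangle OUTPUT
#     (PREROUTING only sees forwarded or incoming packets).
#  2. Table $TABLE holds nothing but a default route via the second router.
#  3. The rule sends marked packets to that table instead of the main one.
#  4. The source address was chosen before the mark changed the route, so it
#     is still eth0's; SNAT rewrites it to eth1's address on the way out.
#  5. Replies arrive on eth1 while the main table points at eth0; loose
#     reverse-path filtering keeps the kernel from dropping them.
policy_route_cmds() {
    cat <<EOF
iptables -t mangle -A OUTPUT -p udp --dport $PORT -j MARK --set-mark $MARK
ip route add default via $GW dev $DEV table $TABLE
ip rule add fwmark $MARK table $TABLE
iptables -t nat -A POSTROUTING -o $DEV -m mark --mark $MARK -j SNAT --to-source $SRC
sysctl -w net.ipv4.conf.$DEV.rp_filter=2
EOF
}

# Dry run by default: print the plan. With APPLY=1 (as root) run each line.
apply_or_print() {
    policy_route_cmds | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "$cmd"
        fi
    done
}

apply_or_print
```

After applying, `ip route get 203.0.113.10 mark 2` (203.0.113.10 is a placeholder for the server address) should report `via 192.168.1.11 dev eth1`, while the same query without `mark 2` still shows the main default gateway.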

