and on speedtest.com my speed is balanced 48mb
I added an L2TP ExpressVPN in PPP and created NAT to masquerade out-interface=l2tp-out
and created a mangle rule.
When I assign the IP 192.168.0.110 to my laptop, the VPN works fine, but it is only using 1 of the WAN interfaces, and it looks like I can’t control which WAN I can make the VPN connect to.
I need you to help me make a load balancer so that the VPN connects to all my WANs.
I can make 3 l2tp-out connections with my ExpressVPN account, but how can I make every L2TP connect through 1 of the WANs and balance the whole thing?
First - a single connection will always use just one of the uplinks. speedtest.net uses multiple connections to test the bandwidth; for real traffic, it depends on the application.
Second - yes, to load-balance the traffic via VPN, you need three separate VPN connections. And if ExpressVPN only supports a single connection per account, you need three accounts. A single VPN connection cannot be load-balanced among three WANs.
Third - when creating an /interface l2tp-client, you can specify a src-address, which supersedes the choice of source address done by routing. However, it does not supersede the routing itself. So in addition to specifying a distinct WAN IP as the src-address for each /interface l2tp-client, you need to use rules in chain output of /ip firewall mangle to add a routing-mark value depending on the source address:
Thank you sindy for the quick reply
I’ll try it now. I can create 3 L2TP interfaces with the same account, and each one of them is getting a different IP; seems good so far.
What is the src-address that the L2TP out refers to? I don’t know which source they mean (new to all this).
I want to load-balance the VPN interfaces.
Please help me how to
The src-address parameter tells the /interface l2tp-client row which of the router’s own IPs to use. So it must be set to one of the addresses you’ve got on your WAN interfaces. If this parameter is not specified, the route to the server is found in the routing table called main, i.e. the one used if no routing-mark value is assigned to the packet. This determines the WAN to be used, and the IP address assigned to this WAN is then used to establish the VPN transport connection.
In any case, some route (the default one is sufficient) must exist for the destination IP in routing table main, otherwise the packet to that destination doesn’t make it to mangle/output.
The load balancing setup will be the same you currently use with the real WANs, except that you’ll use the VPN tunnels instead of the real WANs.
So you’ll keep the three existing routes with routing-mark values to_WAN1, to_WAN2, to_WAN3 for the real WANs and use the rules in chain output of mangle I gave in my previous post, these will be used to push the VPN transport traffic via the individual WANs.
And you’ll add three more routes via the three L2TP tunnels (using the interface names as gateway parameters of these routes), with another set of routing-mark values (to_VPN1, to_VPN2, to_VPN3), and use your load distribution rules to assign these values to the traffic that should be routed via VPN.
The rules above in chain input, and those translating the connection-mark to a routing-mark in chain output, are only necessary if your router acts as a server and some clients connect to it from remote (incoming VPN connections, some https server at home, etc.). If this is the case, these rules ensure that the response of the router will be sent via the same WAN through which the request has arrived. If this is not the case, there is no need for these rules.
It is normal that it gets disconnected, but it should re-connect again.
The source address you set must be up on the router, is it?
The action=src-nat (or action=masquerade) rules in nat and action=mark-routing rules in mangle, or instead rules in /ip route rule, must exist in order for it to work.
If all the above is met, and it doesn’t work, post an anonymized export of the configuration in the non-working state, see my automatic signature below for a hint.
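The setup described in the replies above (one tunnel per WAN pinned with src-address, output-chain marks for the tunnel transport, and a second set of routes via the tunnels), sketched as an added example that is not taken from any poster's configuration. The WAN addresses, the VPN server name, the credentials, the bridge name, the connection-mark names and the use of per-connection-classifier as the load distribution method are all assumptions.

```routeros
# RouterOS v6 syntax. Every address, name and credential below is a constructed placeholder.
# Assumed: WAN IPs 192.0.2.2, 198.51.100.2, 203.0.113.2; LAN bridge named "bridge";
# the existing default routes with routing-mark=to_WAN1..to_WAN3 stay in place,
# and a default route also exists in table "main" so packets reach mangle/output.

# One tunnel per WAN: src-address selects which of the router's own IPs is used.
/interface l2tp-client
add name=l2tp-out1 connect-to=vpn.example.net user=USER password=PASS src-address=192.0.2.2 disabled=no
add name=l2tp-out2 connect-to=vpn.example.net user=USER password=PASS src-address=198.51.100.2 disabled=no
add name=l2tp-out3 connect-to=vpn.example.net user=USER password=PASS src-address=203.0.113.2 disabled=no

# src-address does not override routing, so router-originated packets are
# steered to the matching WAN by source address in chain output.
/ip firewall mangle
add chain=output src-address=192.0.2.2 action=mark-routing new-routing-mark=to_WAN1 passthrough=no
add chain=output src-address=198.51.100.2 action=mark-routing new-routing-mark=to_WAN2 passthrough=no
add chain=output src-address=203.0.113.2 action=mark-routing new-routing-mark=to_WAN3 passthrough=no

# Second set of routes: the tunnel interfaces are the gateways.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=to_VPN1
add dst-address=0.0.0.0/0 gateway=l2tp-out2 routing-mark=to_VPN2
add dst-address=0.0.0.0/0 gateway=l2tp-out3 routing-mark=to_VPN3

# Traffic leaving through a tunnel is masqueraded to that tunnel's address.
/ip firewall nat
add chain=srcnat out-interface=l2tp-out1 action=masquerade
add chain=srcnat out-interface=l2tp-out2 action=masquerade
add chain=srcnat out-interface=l2tp-out3 action=masquerade

# Assumed load distribution (PCC): spread new LAN connections over the three tunnels,
# then translate each connection-mark into the matching to_VPNn routing-mark.
/ip firewall mangle
add chain=prerouting in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=VPN1_conn
add chain=prerouting in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=VPN2_conn
add chain=prerouting in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=VPN3_conn
add chain=prerouting in-interface=bridge connection-mark=VPN1_conn action=mark-routing new-routing-mark=to_VPN1 passthrough=no
add chain=prerouting in-interface=bridge connection-mark=VPN2_conn action=mark-routing new-routing-mark=to_VPN2 passthrough=no
add chain=prerouting in-interface=bridge connection-mark=VPN3_conn action=mark-routing new-routing-mark=to_VPN3 passthrough=no
```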