PPTP-SERVER LOAD BALANCING

jbosko · November 17, 2008, 11:51am

Hello,

I was wondering is this possible, this is my situation:

Im using mikrotik as pptp concentrator, and its quite OK, but, how time is passing one PPTP server is not enough to cover number of users, when they are all logged on they have problems with badwidth, slow connectivity or response time, now, i would like to know is it possible to add another mikrotik pptp to this witch would balance users, but i want that IP address that users are using to connect to VPN stays the same e.g. 10.10.10.10 (i know i could add another server with 10.10.10.11 but i dont want to do that, its too much trouble in this situation)

So ? Is there any acceptible solution for me ?

Chupaka · November 17, 2008, 12:01pm

it’s quite silly to use IPs as VPN server name… if you use textual names, then you simply add another IP in DNS, and connections to server(s) are load-balanced =)

Chupaka · November 17, 2008, 12:03pm

now you can ‘hide’ your servers behind router with address 10.10.10.10, and then dst-nat vpn connections to your servers

snark · November 27, 2008, 6:13pm

round robin DNS helps

Chupaka · November 27, 2008, 9:54pm

unfortunately, he uses IP, not domain name…

jbosko · November 28, 2008, 12:06pm

can anyone suggest some load balancing software for this ?

snark · November 28, 2008, 12:13pm

place PPTP servers behind NAT then randomly translate users requests to TCP 1723 between them

jbosko · November 28, 2008, 12:18pm

did that, but it hangs, ive got alots of pptp connections approx. 4000 and more, is there some better solution then nat ?

snark · November 28, 2008, 12:46pm

use FQDN names as PPTP server name (vpn.exapmle.com) + RR DNS

Chupaka · November 28, 2008, 10:35pm

should work absolutely stable. what version did you use?

jbosko · December 3, 2008, 12:09pm

OK, im using RedHat EL 5 and installed IPVS+piranha, now, im having trouble with GRE… whenever i try to connect to PPTP i get disconnected with 691 error… any suggestion for iptable rules ?

normis · December 3, 2008, 12:31pm

ok, what has this have to do with MikroTik ?

jbosko · December 3, 2008, 12:35pm

they are behind piranha, and becouse mikrotik dones not offer any kind of solution for this problem (load sharing, or load balancing for pptp termination) i dont see what is the problem asking these questions ? when you create service for load sharing/balancing in mikrotik, there won’t be need to use other services/software etc.

normis · December 3, 2008, 12:40pm

I know, but this forum is strictly about mikrotik, please see FAQ

Chupaka · December 3, 2008, 12:55pm

691 means incorrect user and/or password. I don’t see any reasons ROS or something else may affect this

jbosko · December 3, 2008, 1:39pm

pardon error: 619 i already said it cannot make GRE tunnel… not an user/pass error…

nevermind, close the topic. there won’t be any smart answer found here

Chupaka · December 3, 2008, 2:10pm

wait… what’s problem with MT?..

changeip · December 3, 2008, 6:35pm

you needed to NAT port 1723 and protocol 47 (GRE)… not just tcp/1723. This is the cause of the 619 error.

gmsmstr · December 3, 2008, 10:55pm

The “proper” way of doing this is RR DNS, and setup several boxes. Or, better yet, use MT as your PPTP server and pop in a something that can handle that many connections.