VPN bonding = low speed

Hey guys.
So here’s the deal:
Three ISP channels, RB on each of them port forwarded to fourth RB (tried SSTP then OVPN, so there was 4443 and then 1194 ports)
Remote RB initiating three vpn sessions, all connected.
Then if it was sstp I couldn’t add it to bond directly (why btw?) and had to add eoip to each and then bonded three eoip, added address to bond interface and set routing. It works, but very slow, 2 mbit at best, meanwhile every ISP give me at least 10 mbit. CPU load is 1-2%.

Then I tried ovpn, so I managed to bond ovpn interfaces without eoip, it worked, but if I drop any ovpn connection I got packet loss and after link is up again packet loss remains. And there was slow speed again.

As I suppose in my case only “balance rr” mode is acceptable, it’s only on that can give speed boost splitting traffic between all links, but if eoip interfaces bonded it can’t monitor vpn link behind eoip, so if link is out you have 1\3 packet loss.

Using 6.12 on AH1100x2 and 6.6 on x86 (esxi).

Hey,

do you need to have a single TCP connection use all links? Otherwise i would recommend to use ECMP (Equal Cost Multi-Path) on top of a dynamic routing protocol like OSPF.

Bonding on VPN links? I don’t think that’s a good idea.
You will very like suffer from out-of-order packets. Very bad for your speed.
Can you draw a picture of your setup?

The idea is to get a thick and failsafe tonnel with any available protocols and then secure TCP\IP inside with ipsec.


I did it the most ugly way in paint :slight_smile:

EoIP interfaces then bonded and the IP is set for the bonding interface and routing applied.