Page 1 of 1

How should I manage a VPN over two WAN interfaces ?

Posted: Thu Jun 04, 2015 10:29 am
by ik3umt
Two sites with two DSL internet connections each (static IP from ISP), I need to :

Create VPN tunnel to make the two LAN reachable each other (usually I use GRE with RIP)
Internet navigation
Failover/load-balancing/higher-speed using both connection each site.

How can I achieve all three together ??

I'm able to share two connections with PCC, to set up a VPN over a single one, but never tried all this together.
When I declare a remote IP endpoint for VPN , what if there are two on remote site ?
How can I keep VPN up if one of the endpoint becomes unreachable ?

Any suggestion ?

Thank you

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Mon Jun 08, 2015 5:36 pm
by ik3umt
This is the scenario :
Image

Should I perhaps create two tunnel and bind them together some way ?
Or is it possible to create a "virtual" endpoint over PCC binding ?

Any help very appreciated.

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Mon Jun 08, 2015 6:27 pm
by pukkita
You could use policy routing (routing mark) along with PCC so that each VPN is run across the desired WAN.

Regarding tunnels, once VPNs are established you are in control of both ends, opening possibilities; you can use nth to "spread" over available VPNs, or you can use BCP

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Mon Jun 08, 2015 11:29 pm
by ik3umt
So, you're talking about multiple VPN , one per WAN connection ? Or better...like I supposed, run two tunnels , one each wan , and manage traffic between lan by routing over existing tunnels ??

I should have no problem to run a single (gre) tunnel on a single wan connection (i.e. a.a.a.a to c.c.c.c) and leave load balancing for internet purpose, but it would be interesting to achieve also failover for VPN other than simply internet.... (or better , failover would be preferable for VPN rather than internet bandwidth..)

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Tue Jun 09, 2015 12:22 am
by pukkita
I'd load balance / failover Internet using PCC and routing marks which will also used to route each tunnel accross each WAN.

Then you bridge those two tunnels, and aggregate them by BCP.

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Sun Jun 14, 2015 9:15 pm
by lyberis1979
I'd load balance / failover Internet using PCC and routing marks which will also used to route each tunnel accross each WAN.

Then you bridge those two tunnels, and aggregate them by BCP.


Hello, nice solution can you give us an example on this.


cheers.

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Tue Jun 16, 2015 12:27 pm
by pukkita
Have a look at this presentation.

Re: How should I manage a VPN over two WAN interfaces ?

Posted: Tue Jun 16, 2015 12:52 pm
by lyberis1979
Have a look at this presentation.

Thanks that was very helpful.
Cheers.