OpenVPN Load Balancing

From ImageStream Router Documentation

Revision as of 22:25, 21 February 2011 by Syoder (Talk | contribs)

Introduction

In this example, multiple OpenVPN tunnels are load balanced across ADSL links using equal-cost multipath routing and OSPF.

Requirements

This configuration requires ImageStream Linux 4.4.0-96 or later, multiple ADSL links with statically or dynamically assigned IP addresses and a block of publicly routable IP addresses for the tunnel endpoints.

Head end configuration

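interface Loopback0
 # Tunnel source addresses must be local; Tunnel1 below uses 205.159.243.131
 ip address 205.159.243.129 255.255.255.255
 ip address 205.159.243.130 255.255.255.255
 ip address 205.159.243.131 255.255.255.255
!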
interface Ethernet0
 ip address 10.0.0.200 255.255.255.0
!
interface Tunnel0
 description DSL1 from Remote1
 bandwidth 2512000
 tunnel mode openvpn
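 # --cipher none turns off OpenVPN encryption: tunnel payloads cross the
 # ADSL links unencrypted (the same option is set on every tunnel here)
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel source 205.159.243.130 4450
 tunnel destination 0.0.0.0 4450
 # Example key shown for illustration; generate your own per deployment
 tunnel key df0590f214a2eaf9a638f43838132f67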
 ip address 192.168.24.1 255.255.255.252
 pointopoint address 192.168.24.2
!
interface Tunnel1
 description DSL2 from Remote2
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel source 205.159.243.131 4451
 tunnel destination 0.0.0.0 4451
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.5 255.255.255.252
 pointopoint address 192.168.24.6
!

OSPF configuration:

router ospf
 network 192.168.24.0/24 area 0.0.0.0
 default-information originate always
!

Remote configuration

interface Ethernet0
 # Specify a /32 netmask to force all traffic out the tunnels
 ip address dhcp ignore-default netmask 255.255.255.255
!
interface Ethernet1
 ip address 172.16.0.1 255.255.255.0
!
interface ADSL0
 protocol pppoe
 adsl device Ethernet0
 ppp pap sent-username dsl-username password dsl-password
 ip address negotiated
!
interface Tunnel0
 description DSL Tunnel0
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel destination 205.159.243.130 4450
 tunnel source 0.0.0.0 4450
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.2 255.255.255.252
 pointopoint address 192.168.24.1
!
interface Tunnel1
 description DSL Tunnel1
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel destination 205.159.243.131 4451
 tunnel source 0.0.0.0 4451
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.6 255.255.255.252
 pointopoint address 192.168.24.5
!
# The next 4 routes ensure Tunnel0 traffic uses the ADSL0 connection
# and Tunnel1 uses the Ethernet0 connection
ip route add blackhole 205.159.243.130 metric 15
ip route add blackhole 205.159.243.131 metric 15
ip route 205.159.243.130 255.255.255.255 ADSL0
ip route 205.159.243.131 255.255.255.255 Ethernet0
!

OSPF configuration:

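Be sure you don't redistribute the connected interface routes for your ADSL interfaces. In the configuration below, the distribute-list with access-list 10 limits the redistributed connected routes to the 172.16.0.0/24 LAN on Ethernet1.
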
router ospf
 network 192.168.24.0/24 area 0.0.0.0
 redistribute connected
 distribute-list 10 out connected
!
access-list 10 permit 172.16.0.0 0.0.0.255
access-list 10 deny any
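
The tunnel definitions above all use `--cipher none` and the same `tunnel key`. The following audit script is an added example, not part of the ImageStream documentation: it parses interface blocks in this page's format and reports both conditions. The function names, `KEY_PLACEHOLDER` values and the contrasting `Tunnel2` block are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: Tunnel0/Tunnel1 mirror this page's option and key lines
# (key replaced by a placeholder); Tunnel2 is a made-up contrasting entry.
SAMPLE = """\
interface Tunnel0
 tunnel options --passtos --cipher none
 tunnel key KEY_PLACEHOLDER
!
interface Tunnel1
 tunnel options --passtos --cipher none
 tunnel key KEY_PLACEHOLDER
!
interface Tunnel2
 tunnel options --passtos --cipher AES-256-CBC
 tunnel key KEY_PLACEHOLDER_2
!
"""

def parse_tunnels(text):
    """Return {interface name: [stripped config lines]} for Tunnel interfaces."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = m.group(1) if m.group(1).startswith("Tunnel") else None
            if current:
                tunnels[current] = []
        elif line == "!":
            current = None  # "!" closes the current interface block
        elif current and line and not line.startswith("#"):
            tunnels[current].append(line)
    return tunnels

def audit(text):
    """Flag unencrypted tunnels and static keys shared by several tunnels."""
    findings, key_users = [], defaultdict(list)
    for name, lines in parse_tunnels(text).items():
        for line in lines:
            if line.startswith("tunnel options") and re.search(r"--cipher\s+none\b", line):
                findings.append((name, "cipher-none"))
            elif line.startswith("tunnel key "):
                key_users[line.split()[2]].append(name)
    for users in key_users.values():
        if len(users) > 1:
            findings.extend((name, "shared-key") for name in users)
    return sorted(findings)
```

Calling `audit()` on the text of a saved router configuration returns a sorted list of `(interface, finding)` pairs; an empty list means neither condition was found.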