OpenVPN Load Balancing

From ImageStream Router Documentation

(Difference between revisions)
(Created page with "=='''Introduction'''== :In this example, multiple OpenVPN tunnels are load balanced using equal-cost multipath routing and OSPF.")
Line 1: Line 1:
=='''Introduction'''==
=='''Introduction'''==
-
:In this example, multiple OpenVPN tunnels are load balanced using equal-cost multipath routing and OSPF.
+
:In this example, multiple OpenVPN tunnels are load balanced across ADSL links using equal-cost multipath routing and OSPF.
 +
=='''Requirements'''==
 +
:This configuration requires ImageStream Linux 4.4.0-96 or later, multiple ADSL links with statically or dynamically assigned IP addresses and a block of publicly routable IP addresses for the tunnel endpoints.
 +
=='''Head end configuration'''==
 +
interface Loopback0
 +
  ip address 205.159.243.129 255.255.255.255
 +
  ip address 205.159.243.130 255.255.255.255
 +
!
 +
interface Ethernet0
 +
  ip address 10.0.0.200 255.255.255.0
 +
!
 +
interface Tunnel0
 +
  description DSL1 from Remote1
 +
  bandwidth 2512000
 +
  tunnel mode openvpn
 +
  tunnel options --passtos --cipher none
 +
  no tunnel compression
 +
  tunnel source 205.159.243.130 4450
 +
  tunnel destination 0.0.0.0 4450
 +
  tunnel key df0590f214a2eaf9a638f43838132f67
 +
  ip address 192.168.24.1 255.255.255.252
 +
  pointopoint address 192.168.24.2
 +
!
 +
interface Tunnel1
 +
  description DSL2 from Remote2
 +
  bandwidth 2512000
 +
  tunnel mode openvpn
 +
  tunnel options --passtos --cipher none
 +
  no tunnel compression
 +
  tunnel source 205.159.243.131 4451
 +
  tunnel destination 0.0.0.0 4451
 +
  tunnel key df0590f214a2eaf9a638f43838132f67
 +
  ip address 192.168.24.5 255.255.255.252
 +
  pointopoint address 192.168.24.6
 +
!
 +
 
 +
OSPF Configuration:
 +
 
 +
router ospf
 +
  network 192.168.24.0/24 area 0.0.0.0
 +
  default-information originate always
 +
!
 +
 
 +
=='''Remote configuration'''==
 +
interface Ethernet0
 +
  # Specify a /32 netmask to force all traffic out the tunnels
 +
  ip address dhcp ignore-default netmask 255.255.255.255
 +
!
 +
interface Ethernet1
 +
  ip address 172.16.0.1 255.255.255.0
 +
!
 +
interface ADSL0
 +
  protocol pppoe
 +
  adsl device Ethernet0
 +
  ppp pap sent-username dsl-username password dsl-password
 +
  ip address negotiated
 +
!
 +
interface Tunnel0
 +
  description DSL Tunnel0
 +
  bandwidth 2512000
 +
  tunnel mode openvpn
 +
  tunnel options --passtos --cipher none
 +
  no tunnel compression
 +
  tunnel destination 205.159.243.130 4450
 +
  tunnel source 0.0.0.0 4450
 +
  tunnel key df0590f214a2eaf9a638f43838132f67
 +
  ip address 192.168.24.2 255.255.255.252
 +
  pointopoint address 192.168.24.1
 +
!
 +
interface Tunnel1
 +
  description DSL Tunnel1
 +
  bandwidth 2512000
 +
  tunnel mode openvpn
 +
  tunnel options --passtos --cipher none
 +
  no tunnel compression
 +
  tunnel destination 205.159.243.131 4451
 +
  tunnel source 0.0.0.0 4451
 +
  tunnel key df0590f214a2eaf9a638f43838132f67
 +
  ip address 192.168.24.6 255.255.255.252
 +
  pointopoint address 192.168.24.5
 +
!
 +
# The next 4 routes ensure Tunnel0 traffic uses the ADSL0 connection
 +
# and Tunnel1 uses the Ethernet0 connection
 +
ip route add blackhole 205.159.243.130 metric 15
 +
ip route add blackhole 205.159.243.131 metric 15
 +
ip route 205.159.243.130 255.255.255.255 ADSL0
 +
ip route 205.159.243.131 255.255.255.255 Ethernet0
 +
!
 +
 
 +
OSPF configuration:
 +
: Be sure you don't redistribute the connected interface routes for your ADSL interfaces.
 +
router ospf
 +
  network 192.168.24.0/24 area 0.0.0.0
 +
  redistribute connected
 +
  distribute-list 10 out connected
 +
!
 +
access-list 10 permit 172.16.0.0 0.0.0.255
 +
access-list 10 deny any
 +
 
 +
[[Category:Tech_Notes]]
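
Review bot: All four Tunnel stanzas added here (Tunnel0 and Tunnel1 on both the head end and the remote) set "tunnel options --passtos --cipher none" and carry the same literal "tunnel key" value. With that option OpenVPN payload encryption is turned off, and the one key, now published in the documentation, is shared by both tunnels. Suggest either dropping "--cipher none" or stating next to it that encryption is deliberately disabled, and replacing the key with a placeholder that tells readers to generate a distinct key per tunnel. Separately, the head-end Loopback0 assigns 205.159.243.129 and 205.159.243.130 while Tunnel1 uses "tunnel source 205.159.243.131 4451"; no added line assigns .131 to an interface, so one of those addresses looks like a typo.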

Revision as of 22:25, 21 February 2011

Introduction

In this example, multiple OpenVPN tunnels are load balanced across ADSL links using equal-cost multipath routing and OSPF.

Requirements

This configuration requires ImageStream Linux 4.4.0-96 or later, multiple ADSL links with statically or dynamically assigned IP addresses and a block of publicly routable IP addresses for the tunnel endpoints.

Head end configuration

interface Loopback0
 ip address 205.159.243.129 255.255.255.255
 ip address 205.159.243.130 255.255.255.255
!
interface Ethernet0
 ip address 10.0.0.200 255.255.255.0
!
interface Tunnel0
 description DSL1 from Remote1
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel source 205.159.243.130 4450
 tunnel destination 0.0.0.0 4450
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.1 255.255.255.252
 pointopoint address 192.168.24.2
!
interface Tunnel1
 description DSL2 from Remote2
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel source 205.159.243.131 4451
 tunnel destination 0.0.0.0 4451
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.5 255.255.255.252
 pointopoint address 192.168.24.6
!

OSPF Configuration:

router ospf
 network 192.168.24.0/24 area 0.0.0.0
 default-information originate always
!

Remote configuration

interface Ethernet0
 # Specify a /32 netmask to force all traffic out the tunnels
 ip address dhcp ignore-default netmask 255.255.255.255
!
interface Ethernet1
 ip address 172.16.0.1 255.255.255.0
!
interface ADSL0
 protocol pppoe
 adsl device Ethernet0
 ppp pap sent-username dsl-username password dsl-password
 ip address negotiated
!
interface Tunnel0
 description DSL Tunnel0
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel destination 205.159.243.130 4450
 tunnel source 0.0.0.0 4450
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.2 255.255.255.252
 pointopoint address 192.168.24.1
!
interface Tunnel1
 description DSL Tunnel1
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --passtos --cipher none
 no tunnel compression
 tunnel destination 205.159.243.131 4451
 tunnel source 0.0.0.0 4451
 tunnel key df0590f214a2eaf9a638f43838132f67
 ip address 192.168.24.6 255.255.255.252
 pointopoint address 192.168.24.5
!
# The next 4 routes ensure Tunnel0 traffic uses the ADSL0 connection
# and Tunnel1 uses the Ethernet0 connection
ip route add blackhole 205.159.243.130 metric 15
ip route add blackhole 205.159.243.131 metric 15
ip route 205.159.243.130 255.255.255.255 ADSL0
ip route 205.159.243.131 255.255.255.255 Ethernet0
!

OSPF configuration:

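Be sure you don't redistribute the connected interface routes for your ADSL interfaces. In the configuration below, access-list 10 limits redistribution to the 172.16.0.0/24 network on Ethernet1.

router ospf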
 network 192.168.24.0/24 area 0.0.0.0
 redistribute connected
 distribute-list 10 out connected
!
access-list 10 permit 172.16.0.0 0.0.0.255
access-list 10 deny any
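
An added example (not part of the ImageStream documentation): a small Python audit that parses interface stanzas in the format shown above and reports tunnels that set --cipher none, tunnels that share one tunnel key, and tunnel source addresses not assigned to any interface. The function names and finding labels are this example's own, the sample is constructed from the head-end configuration with the key replaced by a placeholder, and treating 0.0.0.0 as "any address" is an assumption.

```python
import re

# Constructed sample: head-end stanzas from the page, trimmed, key replaced by a placeholder.
SAMPLE = """\
interface Loopback0
 ip address 205.159.243.129 255.255.255.255
 ip address 205.159.243.130 255.255.255.255
!
interface Tunnel0
 tunnel options --passtos --cipher none
 tunnel source 205.159.243.130 4450
 tunnel key KEY-PLACEHOLDER
!
interface Tunnel1
 tunnel options --passtos --cipher none
 tunnel source 205.159.243.131 4451
 tunnel key KEY-PLACEHOLDER
!
"""

def parse_interfaces(text):
    """Return {interface name: [stanza lines]} for 'interface X' ... '!' blocks."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line == "!":
            current = None
        elif current and line and not line.startswith("#"):
            stanzas[current].append(line)
    return stanzas

def audit(text):
    """Return (interface, finding) pairs; 0.0.0.0 is assumed to mean 'any address'."""
    stanzas = parse_interfaces(text)
    local = {"0.0.0.0"} | {m.group(1) for ls in stanzas.values() for l in ls
                           if (m := re.match(r"ip address (\d+(?:\.\d+){3}) ", l))}
    keys, findings = {}, []
    for name, lines in stanzas.items():
        for l in lines:
            if l.startswith("tunnel options") and "--cipher none" in l:
                findings.append((name, "cipher-none"))
            elif l.startswith("tunnel key "):
                keys.setdefault(l.split()[2], []).append(name)
            elif l.startswith("tunnel source ") and l.split()[2] not in local:
                findings.append((name, "source-not-local:" + l.split()[2]))
    findings += [(",".join(n), "shared-key") for n in keys.values() if len(n) > 1]
    return findings
```

Running audit(SAMPLE) flags both tunnels for --cipher none, Tunnel1 for sourcing from 205.159.243.131 (which Loopback0 does not carry), and the key shared by Tunnel0 and Tunnel1.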