  1. #1
    Untanglit
    Join Date
    Dec 2013
    Posts
    25

    OpenVPN Multi WAN

    Due to having issues with bonded DSL / OpenVPN and RDP traffic, I'm attempting to come up with another approach in case I cannot resolve the issue which has been ongoing for quite a while!

    Can I install another NIC in the Untangle box connected to a separate DSL line, designate it as a WAN interface (WAN2) and force OpenVPN to connect over that WAN2 connection whilst all other internet bound traffic goes out over the existing bonded dsl WAN connection (WAN1)?

    Thanks

    Paul..

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,712

    You can but not easily. You will need to edit each client VPN config and remove the WAN1 information from the .ovpn file.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Dec 2013
    Posts
    25

    It's only going to be used for a site-to-site VPN between 2 Untangle boxes..

    Both "server" and "client" sites are behind bonded DSL connections at the moment with an Untangle 10.1 box and whilst the OpenVPN connection works for pings and traceroutes etc, it has RDP and SMB issues which we can't seem to resolve. We have isolated the issue to the bonded DSL connection itself as it works fine when a line is dropped from the bonded DSL and used as a single ADSL instead.

    So I'm thinking that we could use the bonded DSL on WAN1 for "internet" traffic and use a single ADSL on WAN2 at each site with OpenVPN on WAN2 for site-to-site traffic.. Any problems in this approach?

    Paul..

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,712

    No problems with your scenario. I've had better performance with IPsec site-to-site than OpenVPN in live sites. There should be no difference but across the Internet there is a measurable difference with transfers.

  5. #5
    Untanglit
    Join Date
    Dec 2013
    Posts
    25

    Thanks..

    I've now configured WAN2 on the "server" end connected to a single ADSL line. The remote test Untangle I have is connecting fine and all seems to be working OK for 2 way traffic.

    By default, does it send all traffic over WAN1 unless it's OpenVPN traffic? What happens if WAN1 goes down - will it route outbound traffic to WAN2 in that instance? Are there any other circumstances it will send over WAN2?

    Paul..

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,712

    Quote Originally Posted by DynamicIS View Post
    By default, does it send all traffic over WAN1 unless it's OpenVPN traffic? What happens if WAN1 goes down - will it route outbound traffic to WAN2 in that instance? Are there any other circumstances it will send over WAN2?
    OpenVPN can only use one WAN at a time. It does do a round-robin on the WANs on each disconnect. For example, if OpenVPN disconnects because WAN 1 is down, OpenVPN will try to reconnect on the next WAN.

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Quote Originally Posted by DynamicIS View Post
    Thanks..

    I've now configured WAN2 on the "server" end connected to a single ADSL line. The remote test Untangle I have is connecting fine and all seems to be working OK for 2 way traffic.

    By default, does it send all traffic over WAN1 unless it's OpenVPN traffic? What happens if WAN1 goes down - will it route outbound traffic to WAN2 in that instance? Are there any other circumstances it will send over WAN2?

    Paul..
    The client chooses which WAN to connect to - the server will answer via the same WAN the client connected on.
    The client chooses based on your configuration of Public Address. If the Public Address fails it will then try the IPs of the WANs manually as configured in the conf file.

  8. #8
    Untanglit
    Join Date
    Dec 2013
    Posts
    25

    Thanks again.

    I manually edited the client conf file to remove any references to anything other than the single IP address of WAN2 so that the client will only connect over this connection.

    I should have been more precise in my questions..

    Firstly - As the server now has 2 WAN ports, will it route general internet traffic over WAN2 in normal circumstances? What happens if WAN1 goes down - will it route outbound traffic to WAN2 in that instance? Are there any other circumstances it will send over WAN2?

    Secondly, when I reconfigure the client with 2 WANs, how can I force Untangle to route the OpenVPN connection over WAN2?

    Paul..
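
The edit discussed in posts #2, #7 and #8 (stripping the client conf file down to the single WAN2 address) can be scripted. The Python below is an added example, not part of any post and not Untangle's own code; it assumes a flat client config with top-level `remote` lines and no `<connection>` blocks, and the sample config, hostname and addresses are constructed.

```python
import re

# Constructed sample; hostname and addresses are documentation placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
remote 192.0.2.10 1194
remote 198.51.100.20 1194
nobind
<ca>
(constructed placeholder, no real certificate)
</ca>
"""

INLINE_OPEN = re.compile(r"^<([A-Za-z0-9_-]+)>$")


def pin_remote(config_text, keep_host):
    """Return (new_text, removed_hosts) with only keep_host's `remote` lines left."""
    kept, removed, out = 0, [], []
    inline_tag = None  # set while inside an inline block such as <ca> or <key>
    for line in config_text.splitlines():
        stripped = line.strip()
        if inline_tag:
            # Embedded key/cert material: copy verbatim, never parse as directives.
            if stripped == f"</{inline_tag}>":
                inline_tag = None
            out.append(line)
            continue
        opened = INLINE_OPEN.match(stripped)
        if opened:
            inline_tag = opened.group(1)
        fields = stripped.split()
        if len(fields) >= 2 and fields[0] == "remote":
            if fields[1] != keep_host:
                removed.append(fields[1])
                continue  # drop every other WAN / public address entry
            kept += 1
        out.append(line)
    if kept == 0:
        # Refuse to produce a config that has no way to reach the server.
        raise ValueError(f"no 'remote' line for {keep_host!r}")
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    print(*pin_remote(SAMPLE_OVPN, "198.51.100.20"))
```

Keeping the returned list of removed hosts gives a record of which fallback addresses the client will no longer try.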

  9. #9
    Untanglit
    Join Date
    Dec 2013
    Posts
    25

    In the end, OpenVPN over Sharedband just didn't work. Rather than start complicating matters I have bought the IPSec VPN modules for both ends of the connection and configured it and can now connect fine.

    Thanks

    Paul..

  10. #10
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    @DynamicIS - I wonder if your OpenVPN over bonded DSL issue was due to the MTU of the DSL connection being smaller than 1500. I have seen this before with DSL connections and had to modify my client's server to keep its MTU within the boundaries of what the DSL connection permitted.
