Connection and VPN Bonding
Objective
Preferably bond multiple 3G modems together to create a stable, faster connection. I am trying to aggregate 3 unstable connections into one.
Ideas
- Bond 2-3 OpenVPN tun interfaces.
- LAGG
- Kernel Bonding
- LACP (Stable connections, same BW)
- Linux Advanced Routing & Traffic Control - http://lartc.org/
Notes
- http://serverfault.com/questions/171333/how-exactly-specifically-does-layer-3-lacp-destination-address-hashing-work
- It should have been easy: http://evilprojects.org/2009/09/howto-setup-openvpn-channel-bonding-on-multiple-umts-uplinks.html
- Route VPNs through interfaces using port numbers.
Custom Linux
I tested with Debian.
Server Configuration
I used a Debian VPS because I wanted to route all my traffic out to the internet through the bond.
OpenVPN
su -
aptitude update
aptitude upgrade
aptitude install openvpn
A tap configuration is a bit different than a tun configuration. Since it works at layer 2, you do not need to worry about layer 3 details such as IPs in the config file.
Set up a CA, certs and ta.key: http://wiki.hackspherelabs.com/index.php?title=OpenVPN#Setup but here are some commands for reference:
mkdir /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa/
source ./vars
./clean-all
./build-ca
./build-key-server servername
./build-dh
cd keys
openvpn --genkey --secret ta.key
cd ..
./build-key-pkcs12 clientx
You need some openvpn config files in /etc/openvpn/ and here is an example of a tap server openvpn config file:
You need a VPN server for each modem that you want to bond. Each one needs its own port and IP, and its own tap interface.
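The per-modem layout described above, as an added example that is not the original page's config or its bonding.sh: one function writes a tap server config per modem link, each with its own UDP port and tap device and no layer 3 settings, and a second checks that no two links share a port or device and that every link carries tls-auth. The base port 1195, the output file names, dh2048.pem and the key paths under /etc/openvpn/easy-rsa/keys are assumptions.

```shell
#!/bin/sh
# Added example: one OpenVPN tap server config per modem link.
# Base port, file names and key paths are assumptions, not from the original page.

# gen_bond_conf INDEX BASE_PORT OUTDIR -> writes OUTDIR/server-tapINDEX.conf
gen_bond_conf() {
    idx=$1; base=$2; out=$3
    cat > "$out/server-tap$idx.conf" <<EOF
# link $idx of the bond: own UDP port, own tap device, no IP settings
port $((base + idx))
proto udp
dev tap$idx
mode server
tls-server
ca   /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/servername.crt
key  /etc/openvpn/easy-rsa/keys/servername.key
# dh file name depends on KEY_SIZE in ./vars (assumed 2048 here)
dh   /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
keepalive 10 60
persist-key
persist-tun
EOF
}

# check_bond_confs OUTDIR -> 0 only if every config has tls-auth
# and no two configs share a port or a tap device
check_bond_confs() {
    dir=$1
    for f in "$dir"/server-tap*.conf; do
        [ -f "$f" ] || return 1
        grep -q '^tls-auth ' "$f" || { echo "$f: no tls-auth" >&2; return 1; }
    done
    for key in port dev; do
        dup=$(awk -v k="$key" '$1 == k { print $2 }' "$dir"/server-tap*.conf | sort | uniq -d)
        [ -z "$dup" ] || { echo "duplicate $key: $dup" >&2; return 1; }
    done
    return 0
}

# Demo: three modems on ports 1195-1197, written to a scratch directory
demo_dir=$(mktemp -d)
for i in 0 1 2; do gen_bond_conf "$i" 1195 "$demo_dir"; done
check_bond_confs "$demo_dir" && echo "3 link configs OK in $demo_dir"
```

The tap devices named in each config are expected to exist already (created with tunctl from uml-utilities and enslaved with ifenslave), which is why the configs carry no addresses.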
You need to stop OpenVPN and disable it from starting at boot, because the bonding.sh script will call openvpn itself.
/etc/init.d/openvpn stop
update-rc.d openvpn disable
You also need the utilities that this script calls:
aptitude install uml-utilities ifenslave
NAT Forwarding as Internet Gateway
The entire reason I wanted to do this was to forward internet traffic through multiple modems. So on my Debian box:
nano /etc/sysctl.conf
Uncomment: #net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward
You then can forward incoming traffic with:
Client
USB Drive/Modem CD Rom Eject
The first step is to get the OS to eject the CD drive: http://ubuntuforums.org/showthread.php?t=1002262
After you plug the device in, edit /etc/udev/70-persistent-cd.rules, find your device (Novatel_Mass_Storage) and add:
, RUN+="/usr/bin/eject %k"
You will have to do this for each modem of this type.
I used wvdial to test the modem. It looks like pppd accepts .chat scripts too. Here is my wvdial script:
[Dialer Defaults]
Init1 = ATZ
#Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init2 = ATQ V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = ATQ V1 E1 S0=0 &C1 &D2 +FCLASS=0
#? - Init5 = AT+CGDCONT=1,"IP",""
Carrier Check = yes
Dial Command = ATX1DT
Modem Type = Analog Modem
Baud = 460800
New PPPD = yes
Modem = /dev/ttyUSB0
ISDN = 0
Phone = #777
Password = JustAnyOldPW
Username = 5555555555@vzw3g.com
Replace 5555555555 with your device's phone number.
Notes
- http://mailman.ds9a.nl/pipermail/lartc/2007q3/021307.html - OpenVPN failover bond tun0
- http://wiki.leipzig.freifunk.net/ChannelBonding
- http://www.enterprisenetworkingplanet.com/linux_unix/article.php/3850636/Understanding-NIC-Bonding-with-Linux.htm
- http://stackoverflow.com/questions/9357365/bonding-two-tun-device-connected-to-openvpn
- http://ubuntuforums.org/showthread.php?t=1418377
- http://forums.debian.net/viewtopic.php?f=10&t=67794
pfSense
With the USB760 modem you need to eject the drive before it works.
cdcontrol -f /dev/cd0
This needs to be automated. This thread suggests a devd rule: http://forum.pfsense.org/index.php/topic,43285.0.html
BSD router/firewall/more
Notes
- http://blog.martinshouse.com/2012/01/multi-wan-multi-lan-no-nat-routing-with.html - Failover - Different than LAGG
- http://doc.pfsense.org/index.php/LAGG_Interfaces
- http://forum.pfsense.org/index.php/topic,16923.0.html
- http://forum.pfsense.org/index.php/topic,43285.0.html
ZeroShell
Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available in the form of Live CD or Compact Flash image and you can configure and administer it using your web browser.
- Says it supports VPN Bonding
- 3G support (+ it is Linux)
Notes
- http://www.zeroshell.net/eng/forum/viewtopic.php?t=2969&sid=1a794e9b20193f03e3c5306f93faf4e9 - However I tried doing this using various permutations, over multiple 3G connections and whilst it did work, if one of the connections in the bond fails, it doesn't fail particularly gracefully.
- http://www.zeroshell.net/eng/forum/viewtopic.php?t=1487&sid=3743889f4a3a308582ee5ac6f4899dba - I am trying to get aggregate bandwidth by bonding multiple vpn connections over 3g dongles and keep running into the following issues
- http://www.zeroshell.net/eng/load-balancing-failover/#vpn-bonding
- http://www.ieee754.org/?p=4
- http://beusergroup.co.uk/technotes/index.php/VPN_Bonding
- http://www.zeroshell.net/eng/UMTS-HSDPA-Mobile-Router/
- http://www.linuxplanet.com/linuxplanet/tutorials/6799/1
- http://digilander.libero.it/smasherdevourer/schede/linux/zeroshellEN.pdf