-
Notifications
You must be signed in to change notification settings - Fork 130
Using MLVPN and Shorewall
I have 2 adsl lines, from the same provider (though they do not have the same bandwidth!)
I have a router (small linux box), that runs PPPD through two modems (they happen to be Netgear modems, with broadcom chipsets, on which I run modfs, and am able to 'tune' the S/N ratio better).
On the linux box (we will call this a router), I run a (slightly) modified version of MLVPN (see https://github.com/zehome/MLVPN/pull/69) - this is not a stable version, and hopefully in the future a better solution will come along as mentioned in the comments there. This may be tracked here: https://github.com/zehome/MLVPN/issues/70
The router also runs shorewall (see shorewall.net. This is an easy to configure firewall capable of load balancing).
On the server, (which in this case is an OVH 'VPS', with 10x more bandwidth than I'm likely ever to get 'locally' through my ADSL lines).... I run an unmodified version of mlvpn
You should follow the setup from the shorewall guide to multiple ISP's here: http://shorewall.net/MultiISP.html And you should follow the guide to setting up MLVPN. Here, I note the significant differences.
My desire is that normally traffic should pass through the MLVPN, however as a fallback, shorewall should balance the traffic between the PPP connections. So, we add an interface, which in this case will not have DHCP traffic. Note the masquerading (which removes the need for setting up masquerading in the mlvpn up-down scripts, more on those later).
(Following the tutorial for MLVPN, - hence the 10.42.42.x)
interfaces:
net ppp0 optional,dhcp,nosmurfs,routefilter,logmartians=0
net ppp1 optional,dhcp,nosmurfs,routefilter,logmartians=0
net mlvpn0 optional,nosmurfs,routefilter,logmartians=0
lan eth0 dhcp,nosmurfs,routefilter,logmartians=0
masq:
ppp0 192.168.1.0/24
ppp1 192.168.1.0/24
mlvpn0 192.168.1.0/24 10.42.42.2
providers:
MLVPN 1 3 - mlvpn0 10.42.42.1 balance=1 -
ISP1 2 1 - ppp0 - track,fallback=2 -
ISP2 3 2 - ppp1 - track,fallback=2 -
The setup for MLVPN is not to complex either.
in the up-down script, find a place to restart shorewall when the mlvpn0 device comes up (or goes down).
/sbin/shorewall restart
On the client side, you can use ppp0 and ppp1 as the 'bindhost' (if you are using the patch above). In the future, hopefully there will be a more elegant way.
Then there is one last hack/trick: If your friendly ISP provider is likely to be mucking about with your line (which mine is), and your bandwidth goes up and down as fast as a 10 year olds brand new yoyo..... then, you might want to try to adjust your bandwidth through MLVPN Again, an elegant solution to this will come soon: https://github.com/zehome/MLVPN/issues/64
In the meantime, roll your sleeves up.... This is about to get very dirty....
I extract the currently synchronised bandwidth from the modem's thus - Your Millage will vary, good luck, but with a following wind, you should fine a way to get the number you want out of the modem:
#!/bin/bash
PPP0=(`sshpass -pXXXX ssh [email protected] adsl info | awk '/Path:/ {print $6,$11}'`)
PPP1=(`sshpass -pXXXX ssh [email protected] adsl info | awk '/Path:/ {print $6,$11}'`)
ssh 11.22.33.44 /etc/mlvpn/retune.sh ${PPP0[1]} ${PPP1[1]}
/etc/mlvpn/retune.sh ${PPP0[0]} ${PPP1[0]}
And then, as you can see, I run a script on each end of the vpn link... /etc/mlvpn/retune.sh:
#!/bin/sh
sed -i -- "s/bandwidth_upload = [0-9]* #ppp0 AUTO/bandwidth_upload = $1 #ppp0 AUTO/1" /etc/mlvpn/mlvpn.conf
sed -i -- "s/bandwidth_upload = [0-9]* #ppp1 AUTO/bandwidth_upload = $2 #ppp1 AUTO/1" /etc/mlvpn/mlvpn.conf
pkill -HUP mlvpn
And, as you can guess, in my mlvpn.conf script, I ensure that my bandwidth lines look like: 'bandwidth_upload = 968 #ppp0 AUTO NB this value will be auto filled!'
###starting and stopping You will want to make sure that you have installed everything to start and stop at the right times - init.d or systemd. I also add the script above, along with a shorewall restart, to my ppp ip-up script such that I adjust the bandwidth each time the ppp line restarts
/etc/ppp/ip-up.local:
/sbin/shorewall restart
/etc/mlvpn/retrain.sh
###Results So far the results are extremely good. It would CLEARLY be much better to have a clean way of dealing with devices instead of ip addresses in the config file, and equally to dynamically adjust bandwidth. However, the results are pretty good, I get fairly good performance (effectively x+y), and it seems to be fairly robust (at least so far). Cost wise, I was paying for the two lines anyway, adding an OVH VPS adds a few euro's to the deal... but not so bad.
###OVH's (open source) solution It is interesting to note, at least in France, OVH are offering exactly this sort of technology, wrapped up in a product they call over-the-box (hover-z-box, I think it might be some sort of christmas gift to replace yoyo's in years to come :-)) ), the source code of which is available from their github. It rolls a lot of things together, and maybe is a better solution that mlvpn, (though, to me, it seems mlvpn works nicely and is easier to handle) - for a review - see here : http://bitsofnetworks.org. The 'good news' is, if you have your own 'box' (aka router), the cost of an OVH VPS is less than a half of their over the box solution...