Tutorial Asus Dual WAN Router Load Balancing and Failover Router Problems and Fix

[Tech Junky]

If you're using Mikrotik be aware:

Seems to only mention Mikrotik but, in essence is you leave ports open for legacy protocols you can be hijacked for a DDOS.

DROP / REJECT ALL and permit what you need as needed.

 

[Darkje]

So guys to see if a microtik (or any other) device would solve my loadbalance issues I found the following logical issue. I set up a openwrt unit as load balancing device and attached my 2 connections. All working like a charm. But when I use a VPN on my Asus. It can only use one channel. When it is on my Asus directly it is routed over both connections and doubles the speed. Any suggestions to get it using both connections when using a "external" loadbalancer?

 

[garycnew]

So guys to see if a microtik (or any other) device would solve my loadbalance issues I found the following logical issue. I set up a openwrt unit as load balancing device and attached my 2 connections. All working like a charm. But when I use a VPN on my Asus. It can only use one channel. When it is on my Asus directly it is routed over both connections and doubles the speed. Any suggestions to get it using both connections when using a "external" loadbalancer?

Is the OpenWRT performing Round-Robin Loadbalancing (like the Asus) or Link Aggregation? Per-Packet Link Aggregation can cause issues with a VPN depending on the latency with each path taken. Per-Flow Link Aggregation is more suitable for a VPN. If you're OpenWRT is configured to perform Link Aggregation: Do a search for "VPN over LACP" for more information.

 

[Darkje]

Sooo this has got me to Google allot. I have setup 2 cable connections two load balance within openwrt and I have a DHCP running to the wan of the Asus. All works I do need a vlan/DMZ to the Asus to not get any issues but the first results are amazing. No timeout and stuff any more. But now I really didn't find out what open wrt uses. I think it is round Robin indeed since it uses mwan3.

 

[garycnew]

I think it is round Robin indeed since it uses mwan3.

Correct... Per the Mwan3 Manual. It should work. I'm not sure why you would be running into VPN issues.

 

[Darkje]

Correct... Per the Mwan3 Manual. It should work. I'm not sure why you would be running into VPN issues.

It's not an issue. I just want both connections to be used. Since the Asus uses the hw encryption, it is fast. But it seems to lock in one connection, rather then two.

 

[garycnew]

it seems to lock in one connection, rather then two.

This is by design, using Round-Robin (Per-Flow) Loadbalancing, so packets arrive in the order they were transmitted and the preferred method for use with virtual circuits. If Per-Packet Link Aggregation were used, there is a good chance packets would arrive, from the separate paths, out of order and the remote host would request that they be retransmitted.

 

[Darkje]

How is it arranged in the asus unit. It max out over both connections.

This is by design, using Round-Robin (Per-Flow) Loadbalancing, so packets arrive in the order they were transmitted and the preferred method for use with virtual circuits. If Per-Packet Link Aggregation were used, there is a good chance packets would arrive, from the separate paths, out of order and the remote host would request that they be retransmitted.

 

[garycnew]

How is it arranged in the asus unit. It max out over both connections.

Asuswrt uses Weighted, Round-Robin Loadbalancing (not Per-Packet).

What do you mean by, "It max out over both connections?"

Are you suggesting you are loadbalancing on both the OpenWRT and Asuswrt?

Please be a bit more descriptive.

 

[Darkje]

So when I use a VPN client on the Asus. With dual wan enabled. I can use both connections and the VPN can get double speed.

When I set back to single wan. And use a separate loadbalancer (openwrt) the VPN configured on the Asus can only use one WAN connection instead of the 2 available connections.

More clear?

 

[garycnew]

So when I use a VPN client on the Asus. With dual wan enabled. I can use both connections and the VPN can get double speed.

Hmm... Are you positive a single VPN client is getting double the speed connected to the Asuswrt? Unless Asuswrt has introduced true Link Aggregation within a recent firmware update, I don't see how it's possible for a single VPN client to get double the speed. Two separate VPN clients could make use of the two different connections, but not at double the speed.

When I set back to single wan. And use a separate loadbalancer (openwrt) the VPN configured on the Asus can only use one WAN connection instead of the 2 available connections.

As the Asuswrt and OpenWRT perform the same type of loadbalancing, there's really no advantage of using both of them; unless, you need the OpenWRT for some other functionality that the Asuswrt doesn't provide.

 

[Darkje]

So if I set 2 VPNs in the asus and load balance true open wrt I will get max speed?

 

[garycnew]

So if I set 2 VPNs in the asus and load balance true open wrt I will get max speed?

With Asuswrt or OpenWRT Loadbalancing, any single VPN can make use of a single Internet connection at any given time with the max speed being that of a single Internet connection.

If you increase that by two VPN connections, you could make use of both Internet connections separately, but the max speed still being that of each single Internet connection. Route the First VPN through the First Internet Connection and the Second VPN through the Second Internet Connection.

 

[Darkje]

With Asuswrt or OpenWRT Loadbalancing, any single VPN can make use of a single Internet connection at any given time with the max speed being that of a single Internet connection.

If you increase that by two VPN connections, you could make use of both Internet connections separately, but the max speed still being that of each single Internet connection. Route the First VPN through the First Internet Connection and the Second VPN through the Second Internet Connection.

Ok, now I need to figure out how, hehe

 

[garycnew]

Ok, now I need to figure out how, hehe

Asuswrt provides a routing section under the Dual-WAN feature for this purpose.

 

[Darkje]

Asuswrt provides a routing section under the Dual-WAN feature for this purpose.

Uhmm lets make it more clear.

.(Conn1)........(Conn2)
......|.....................|.........
...... \................../.........
.......... [Openwrt]..........
..................|..................
........[Asus+VPN].........

 

[garycnew]

Uhmm lets make it more clear.

.(Conn1)........(Conn2)
......|.....................|.........
...... \................../.........
.......... [Openwrt]..........
..................|..................
........[Asus+VPN].........

.(Conn1)........(Conn2)
......|.....................|.........
.[Route1]........[Route2].
...... \................../.........
..[VPN1+Asus+VPN2]..

 

[Darkje]

.(Conn1)........(Conn2)
......|.....................|.........
.[Route1]........[Route2].
...... \................../.........
..[VPN1+Asus+VPN2]..

Yeah that's what I thought. And I need to arrange this in openwrt right. Tel him to forward vpn1 op to wan 1 and visa versa.

P.s. it makes a real big difference to let the loadbalancing be done by a different device. I didn't have any time-out or DNS crap anymore. To bad a expensive device like this (that I actually bought because of dual-wan) can not so this properly.

 

[garycnew]

Yeah that's what I thought. And I need to arrange this in openwrt right. Tel him to forward vpn1 op to wan 1 and visa versa.

P.s. it makes a real big difference to let the loadbalancing be done by a different device. I didn't have any time-out or DNS crap anymore. To bad a expensive device like this (that I actually bought because of dual-wan) can not so this properly.

In my example, I removed your OpenWRT device from the topology, terminating Conn1 and Conn2 into the Asuswrt Dual-WAN, and used the Dual-WAN Routing feature to route VPN1 to Conn1 and VPN2 to Conn2.

 

[Darkje]

In my example, I removed your OpenWRT device from the topology, terminating Conn1 and Conn2 into the Asuswrt Dual-WAN, and used the Dual-WAN Routing feature to route VPN1 to Conn1 and VPN2 to Conn2.

on asus thats the only thing working.... 1 vpn over dual connection. As you noticed normal surfing is imposible. so i need the loadbalancer