VPN w/ Dual WAN?

[Authority]

I'm starting a new thread since asking this in another thread didn't get any traction.

How is VPN handled in a dual WAN scenario? In load balancing, ideally, both WAN would connect. But I can see it being more complicated, as not all VPNs will allow a second connection with the same credentials (though mine will) and there's not a way to specify a specific VPN for each WAN that I have seen?

Thanks in advance. Really great to have people who know more than me to ask!

 

[pete y testing]

How is VPN handled in a dual WAN scenario?

simply its sent down one of the connections as thats how load balancing works one protocol goes to wan 1 <<< next protocol goes to wan 2 >>>

ideally, both WAN would connect.

that is link aggregation / bonding and is totally different

 

[Martineau]

I'm starting a new thread since asking this in another thread didn't get any traction.

How is VPN handled in a dual WAN scenario? In load balancing, ideally, both WAN would connect. But I can see it being more complicated, as not all VPNs will allow a second connection with the same credentials (though mine will) and there's not a way to specify a specific VPN for each WAN that I have seen?

Thanks in advance. Really great to have people who know more than me to ask!

Indeed an interesting conundrum!

I believe simple load-balancing across multiple interfaces utilises the iptables nexthop directive, and because of caching, this may or may not actually have any positive noticeable effect.

By balancing your routes you potentially have more bandwidth available to you, but as clarified by @pete y testing, this is not the same as multiplexing or bonding

i.e. a single download thread will NOT run at the combined throughput of concurrently available interfaces; however if you start a second thread it will possibly use the next interface and you should in theory achieve improved bandwidth utilisation?

So in this example clearly the round-robin with the bias 3:1

ip route add equalize default
ip route add default scope global nexthop via xxx.xxx.xxx.xxx dev eth0  weight 3 \
                                  nexthop via yyy.yyy.yyy.yyy dev usb0  weight 1

is a valid configuration allowed by the DUAL WAN GUI configuration panel, but would the following MULTI-WAN manual configuration

ip route add equalize default
ip route add default scope global nexthop via xxx.xxx.xxx.xxx dev eth0  weight 3 \
                                  nexthop via yyy.yyy.yyy.yyy dev usb0  weight 2 \
                                  nexthop via zzz.zzz.zzz.zzz dev tun11 weight 1

be actually honoured?

NOTE: I believe there is an article that states FTP/HTTPS server route balancing needs careful consideration, and that addition firewall/policy rules may need to be created depending on specific local requirements.

 

[Authority]

simply its sent down one of the connections as thats how load balancing works one protocol goes to wan 1 <<< next protocol goes to wan 2 >>>



that is link aggregation / bonding and is totally different

While they aren't bonded it really doesn't matter particularly in a multi-user or multi-device environment or even torrenting.

The question is the VPN part. There's not a setting for a VPN connection for a second WAN.

 

[Authority]

By balancing your routes you potentially have more bandwidth available to you, but as clarified by @pete y testing, this is not the same as multiplexing or bonding

i.e. a single download thread will NOT run at the combined throughput of concurrently available interfaces; however if you start a second thread it will possibly use the next interface and you should in theory achieve improved bandwidth utilisation?

So in this example clearly the round-robin with the bias 3:1.

That's my goal. Not sure why the default bias is 3:1?

 

[Martineau]

That's my goal. Not sure why the default bias is 3:1?

One man's default is another man's frustration?

ASUS programmers probably correctly believed that the majority of users (pre-fibre) back in the days of the original release of the RT-N66U probably had a meagre 5Mb ADSL link and a 1Mb USB SIM-modem that was expensive, hence the default 3:1 asymmetrical bias although I purchased the RT-N66U a few weeks after it was released explicitly for the advertised DUAL-WAN failover feature.

In the UK, I doubt that anyone would have say DUAL 200Mb fibre links so I suspect that a default 1:1 ratio would remain inappropriate for most home environments.