OPENVPN - Multiple Server Processes to Combine Link Speeds
Configure OpenVPN Server Process for Multiple Links
Create Multiple OpenVPN Configuration Files
The first step is to create two separate OpenVPN server configurations, each bound to a different internet link, so that each OpenVPN process listens on its own interface and port.
Example `server1.conf`:
```
port 1194
proto udp
dev tun
# Routed (tun) mode; server-bridge is for tap bridging and cannot be combined with server
server 10.8.0.0 255.255.255.0
# Use a separate pool file for each instance
ifconfig-pool-persist ipp1.txt
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server1.crt
key /etc/openvpn/server1.key
dh /etc/openvpn/dh2048.pem
push "dhcp-option DNS 8.8.8.8"
# Bind to the first internet link's IP address
local 192.168.1.100
```
Example `server2.conf`:
```
port 1195
proto udp
dev tun
# Routed (tun) mode; server-bridge is for tap bridging and cannot be combined with server
server 10.8.1.0 255.255.255.0
# Use a separate pool file for each instance
ifconfig-pool-persist ipp2.txt
push "route 10.8.1.0 255.255.255.0"
push "redirect-gateway def1"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server2.crt
key /etc/openvpn/server2.key
dh /etc/openvpn/dh2048.pem
push "dhcp-option DNS 8.8.8.8"
# Bind to the second internet link's IP address
local 192.168.2.100
```
Enable Multi-Path TCP (MPTCP)
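MPTCP is an extension of TCP that allows a single connection to use multiple paths simultaneously. This feature is crucial for combining the bandwidth of two internet connections. MPTCP applies to TCP sockets only, so it does not affect tunnels that run over `proto udp` as in the example configurations above. You will need to enable MPTCP on your server.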
To enable MPTCP, add the following kernel parameters to your system configuration:
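- Edit the sysctl file `/etc/sysctl.conf` and add:

  ```
  # Keep the line that matches your kernel; sysctl reports an error for a key that does not exist.
  # Upstream Linux kernels (5.6 and later):
  net.mptcp.enabled=1
  # Out-of-tree multipath-tcp.org kernels:
  net.mptcp.mptcp_enabled=1
  ```

- Apply the changes:

  ```bash
  sysctl -p
  ```

- Confirm MPTCP is enabled with:

  ```bash
  sysctl net.mptcp.enabled
  ```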
Configure Load Balancing Between the OpenVPN Instances
Use a load balancer or routing policy to combine the traffic across the two OpenVPN server processes. This will ensure that the incoming and outgoing VPN traffic is distributed evenly between both internet links.
A simple example using iproute2 for load balancing:
```bash
ip route add default via 192.168.1.1 table 1
ip route add default via 192.168.2.1 table 2
ip rule add from 192.168.1.100 table 1
ip rule add from 192.168.2.100 table 2
```
In this example, packets sourced from the first link's address (192.168.1.100) will be routed through `table 1`, and packets sourced from the second link's address (192.168.2.100) will be routed through `table 2`, so each OpenVPN instance replies over the link it is bound to. You can further optimize the load balancing rules based on your use case.
Verify and Test the Setup
Once you have set up the configuration files and load balancing, it's time to test the system.
- Start the OpenVPN server processes with:

  ```bash
  # --daemon puts each process in the background so the second command can run
  openvpn --config /etc/openvpn/server1.conf --daemon
  openvpn --config /etc/openvpn/server2.conf --daemon
  ```

- Ensure that both VPN connections are active and routing traffic correctly.
- You can verify the bandwidth aggregation by running tests like `iperf` or checking the speed of the outgoing and incoming VPN traffic.
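A pre-flight lint for the two server configuration files, run before starting either process; this is an added example, not part of the original page. The helper names `directive`, `has` and `lint_pair` are hypothetical, and the sample configs are constructed with two deliberate mistakes.

```shell
#!/bin/sh
# Added example: lint two OpenVPN server configs that will run side by side.

# Print the arguments of the first active (non-comment) directive $2 in file $1.
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if directive $2 is active in file $1, with or without arguments.
has() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Print one finding per line; succeed only when there are none.
lint_pair() {
    n=0
    for f in "$1" "$2"; do
        has "$f" local || { echo "$f: no 'local', listens on every address"; n=$((n + 1)); }
        if has "$f" server && has "$f" server-bridge; then
            echo "$f: 'server' and 'server-bridge' cannot be combined"; n=$((n + 1))
        fi
    done
    # The tunnel subnet and the pool-persistence file must not be shared.
    for d in server ifconfig-pool-persist; do
        v=$(directive "$1" "$d")
        if [ -n "$v" ] && [ "$v" = "$(directive "$2" "$d")" ]; then
            echo "both configs have '$d $v'"; n=$((n + 1))
        fi
    done
    # Two processes cannot bind the same protocol/address/port.
    e1="$(directive "$1" proto)/$(directive "$1" local):$(directive "$1" port)"
    e2="$(directive "$2" proto)/$(directive "$2" local):$(directive "$2" port)"
    [ "$e1" != "$e2" ] || { echo "both configs listen on $e1"; n=$((n + 1)); }
    [ "$n" -eq 0 ]
}

# Constructed sample input: cut-down configs in the shape used on this page,
# with two deliberate mistakes (shared pool file, 'local' commented out).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'port 1194' 'proto udp' 'server 10.8.0.0 255.255.255.0' \
    'ifconfig-pool-persist ipp.txt' 'local 192.168.1.100' > "$tmp/server1.conf"
printf '%s\n' 'port 1195' 'proto udp' 'server 10.8.1.0 255.255.255.0' \
    'ifconfig-pool-persist ipp.txt' ';local 192.168.2.100' > "$tmp/server2.conf"
lint_pair "$tmp/server1.conf" "$tmp/server2.conf" || echo "resolve the findings before starting either instance"
```

An instance without an active `local` line accepts connections on every address of the host, not only on the link it was meant for, which is why the lint treats a missing `local` as a finding.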
Useful Links
- [OpenVPN Official Documentation](https://openvpn.net/community-resources/)
- [MPTCP Project](https://www.multipath-tcp.org/)
- [iproute2 Documentation](https://man7.org/linux/man-pages/man8/ip.8.html)
- [MPTCP Enablement in Linux](https://www.kernel.org/doc/html/latest/networking/mptcp.html)
