Hello,

I have problems setting up Shorewall with multiple branches connected
over VPN to one headquarters.
Each branch has two WAN connections, one for Citrix traffic and the
other line for web, etc. (the headquarters has two WAN
connections as well).
So, I have set up two VPN tunnels for each branch to the headquarters.
There we have two systems with strongSwan/Shorewall and another system
with Shorewall which routes / load balances VPN traffic.

Chart:

Branches                              Headquarters

+--+------vpn1b1------>vpn1hq                    +------+
|B1|                                  <---WAN1---|vpn1hq|
+--+------vpn2b1------>vpn2hq                    +------+<----->+--------+
                                                                |balancer|
                                                                |        |
+--+------vpn1b2------>vpn1hq                    +------+<----->+--------+
|B2|                                  <---WAN2---|vpn2hq|
+--+------vpn2b2------>vpn2hq                    +------+

...

+--+------vpn1bx------>vpn1hq
|Bx|
+--+------vpn2bx------>vpn2hq

So, I configured the two WAN connections of the headquarters in the
providers file.
With lsm, the failover routing works on the balancer, but only for the two
WAN connections.
What about the branches? If a VPN tunnel breaks, the balancer doesn't
recognize this.
So, I decided to reconfigure the providers file and lsm with all VPN
connections to the branches.
But if vpn2b1 breaks, Shorewall routes ALL traffic over vpn1hq,
although wan2 is still working...

The base configuration was the example MyNetwork:
http://www.shorewall.net/MyNetwork.html

How can I detect if a VPN tunnel to a branch breaks and reroute the
traffic over vpn1hq or vpn2hq?
The goal is failover in the worst case for branches / headquarters and, in
the normal case, load balancing / traffic shaping.


Kind regards,
Andre

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users