Is a LAGG with VPN virtual interfaces possible?

First off, this is for home use. I have a 1G internet connection and I use PIA for my VPN. The speeds I get from the VPN are around 30-40 Mbps. I’m trying to figure out a way to get more throughput from this and I thought I could set up a lagg with 6 VPN connections and load balance them. But I can’t seem to make it work; the lagg interface doesn’t work.

Before I spend any more time on it I thought I’d see if it’s even possible since the VPN links are virtual. Or if there’s another option.

This is going to be the most curmudgeon thing I’ve ever posted… but has pfSense become the FOSS go-to for seedbox howto shovel blog followers? I’m OK with that as a user base… but maybe find a way to contribute back to the project somehow?

(prepares for the incoming downvotes)

OP - what you want is to optimize throughput. That’s a different question than what you asked about LAGG. You might want to re-post or edit this post to be more simple. How do I optimize throughput with (presumably) OpenVPN?

Or, how might I optimize throughput across multiple VPN client interfaces?

I’m not criticizing your request or journey, I’m suggesting that how you ask the question greatly affects the results you get.

As others have suggested, you might find the most benefit in sending a specific host or port (or alias of ports) over a gateway group for your VPN client interfaces. Research split tunneling.

Also it’d be helpful to understand the configuration of each tunnel and its server. What crypto are you using? Does your CPU support offloading it? Can you move to DCO? Are you bandwidth limited, CPU limited, NIC limited, crypto limited…?

How are you testing? What’s your hardware? Is your 1G (assuming Gbps) connection symmetrical?

Again, happy to help support this journey, but we need more info. And, if it works for you, please consider finding a way to contribute to the project.

No offence OP… but I keep reading in here about home users tunnelling everything through VPNs. Why???

Does it make you feel warm and fuzzy and under cover? Or is it to circumvent Netflix stuff?

I would suggest to you if I did an audit of your network and clients, you have way bigger problems than what you hope to solve with a VPN.

Just saying, my 2 cents.

LAG (link aggregation) is used to bundle physical cables into one logical link. No, you can’t bundle VPN interfaces.

For more throughput, try setting up different types of VPNs with PIA such as WireGuard, IPsec, OpenVPN, to determine which one performs better.

If you’re trying to load balance using multiple VPN gateways, you can by creating a gateway group; then reference your gateway group as the gateway for your VPN traffic.

Lag layer 2

Vpn L3 overlay

Ans - No, not possible

I created a gateway group with 5 VPN clients to NordVPN and aggregated bandwidth up to ~750M.

I think you are looking for this kind of solution:

Maybe take a look for an equivalent on pfSense.

Standard LAG would not do it (as it’s purely L2 and expects equal latency on all links).

What a complete waste of life your reply was…
First you’re calling OP a blog follower, as if that’s all beneath you, then you ask them to contribute to a project they clearly don’t know how to use yet!
His question is valid, especially coming from someone who doesn’t understand how pfSense works yet. I’m no pfSense/contributor/guru/l33t h4x0r like you and it’s obvious that they need to use gateway groups.
All your follow-up questions are dumb in light of what they’re asking, try training your reading comprehension before wasting everyone’s time with your ignorant, holier-than-thou attitude.

It’s for downloading stuff. I have an automated setup with a Docker swarm so it all goes through a VLAN that’s got the VPN as a gateway. It also has a kill switch.

I absolutely agree that I would have much bigger issues than the VPN in my network but to be honest it’s way more of a hobby than actual security. If I didn’t have the VPN I wouldn’t care.

That’s a silly arrogant view. If you don’t know actual solutions and just want to shit on someone, go talk to your mom.

I want to torrent without DMCA notices

Businesses do it pretty often, our guest networks do this because we kept getting too many abuse notifications.

That’s what I have now. PIA allows up to 6 connections so I have 4 running in a GG. But I didn’t realize you can load balance them, I thought it was just failover.

A gateway group is possible. You can set it up in load balance, failover, etc…

Yeah that’s what I’ve discovered. Is there a LAGG-like feature for L3?

How did you aggregate them?

Jeebus. Don’t hold back. Tell me how you really feel.
Asking follow-up questions for more details isn’t as hostile as you think.

I want to torrent without DMCA notices

OK, but even then you wouldn’t need your whole network through a VPN, would you? You can do it on the client.

For each OpenVPN client, create an interface.

Create a NAT from LAN to each interface.

Create a gateway group for the multiple OpenVPN interfaces with all set at Tier 1.

Then in your LAN fw rules, create a rule that sends all LAN to the new gateway group.
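
An added example, not part of the post above: a small model of why a Tier 1 gateway group raises aggregate throughput for many parallel connections but is not a LAGG. It assumes pf-style balancing, where each new connection is pinned round-robin to one gateway; the tunnel names and the per-tunnel and WAN caps are constructed values.

```python
from itertools import cycle

def assign_flows(flows, tunnels):
    """Pin each connection to exactly one tunnel, round-robin.
    A connection is never split across tunnels (unlike a per-packet bond)."""
    rr = cycle(tunnels)
    return {flow: next(rr) for flow in flows}

def throughput(flows, tunnels, tunnel_cap_mbps, wan_cap_mbps):
    """Return (per-flow Mbps, aggregate Mbps).
    Flows sharing a tunnel split that tunnel's cap equally; the sum of all
    flows is then limited by the physical WAN link."""
    placement = assign_flows(flows, tunnels)
    load = {t: 0 for t in tunnels}
    for t in placement.values():
        load[t] += 1
    per_flow = {f: tunnel_cap_mbps / load[t] for f, t in placement.items()}
    total = sum(per_flow.values())
    if total > wan_cap_mbps:
        scale = wan_cap_mbps / total
        per_flow = {f: rate * scale for f, rate in per_flow.items()}
        total = float(wan_cap_mbps)
    return per_flow, total

if __name__ == "__main__":
    # Constructed scenario: six OpenVPN clients at ~35 Mbps each on a 1 Gbps WAN.
    tunnels = [f"ovpnc{i}" for i in range(1, 7)]

    # One large download is a single connection: it stays on one tunnel.
    _, single = throughput(["download"], tunnels, 35, 1000)
    print(f"1 connection, 6 tunnels:   {single:.0f} Mbps")

    # A torrent client opens many peer connections: they spread over all tunnels.
    peers = [f"peer{i}" for i in range(60)]
    _, many = throughput(peers, tunnels, 35, 1000)
    print(f"60 connections, 6 tunnels: {many:.0f} Mbps")

    # Two tunnels down: the remaining Tier 1 members carry everything.
    _, degraded = throughput(peers, tunnels[:4], 35, 1000)
    print(f"60 connections, 4 tunnels: {degraded:.0f} Mbps")
```

A single speed test or single-stream download will therefore still report one tunnel's speed even when the gateway group is working as intended.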

Yea very true, but I don’t trust friends or family to make sure that it’s turned on and not leaking so it was just easier for me to VPN the entire network. With WireGuard I can get 90% of my advertised gigabit speed so there isn’t much downside.