Hello,
This has to be logically a quite simple environment to set up, but I just can't overcome it. The situation is that our ISP is blocking the IPSec, PPTP, GIF tunnels, so I decided to establish an IPIP tunnel over protocol number 94 with NOS-TUN. The tunnel is working perfectly, but the problem is that it seems the ISP is also limiting the throughput of any unknown protocol, which is 94 in my case. So I decided to set up two tunnels over protocol 94 and 95, then load-balance the bandwidth equally between them to aggregate the total throughput. I thought that LAGG would do this for me, but it seems that it is for physical interfaces only, so I chose PF and I read this article, but I get a syntax error when I try to start PF.
Here is my pf.conf content on FreeBSD box 1:
Code:
lan_net = "192.168.20.0/24"
int_if = "em0"
ext_if1 = "tun94"
ext_if2 = "tun95"
ext_gw1 = "192.168.94.1"
ext_gw2 = "192.168.95.1"
pass in on $int_if from $lan_net route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin
pass out on $ext_if1
pass out on $ext_if2
pass out on $ext_if1 from $ext_if2 route-to ($ext_if2 $ext_gw2)
pass out on $ext_if2 from $ext_if1 route-to ($ext_if1 $ext_gw1)
The other side's pf.conf is as follows:
Code:
lan_net = "192.168.21.0/24"
int_if = "em0"
ext_if1 = "tun94"
ext_if2 = "tun95"
ext_gw1 = "192.168.94.2"
ext_gw2 = "192.168.95.2"
pass in on $int_if from $lan_net route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin
pass out on $ext_if1
pass out on $ext_if2
pass out on $ext_if1 from $ext_if2 route-to ($ext_if2 $ext_gw2)
pass out on $ext_if2 from $ext_if1 route-to ($ext_if1 $ext_gw1)
What am I missing here? Is there any other way to load-balance between these tunnels?