8/26 I've ended up with two dsl lines at my house till the
end of the year or so. I would like to run some sort
of routing protocol so that I can maximize my bandwidth
by using both lines. I'm not sure how to go about setting
this up, any pointers/ideas? I'm running *bsd if that
makes a difference. tia.
\_ there are several ways to do this, but I doubt any of these
features exist on a desktop OS. You need a router in between
your PC and the two DSL lines. Things such as multilink PPP,
LACP (link aggregation), and other load balancing schemes can
make use of two physical links. PBR can work, but it's really
overkill. A link layer protocol can do this in a much
simpler and more stable fashion. -cisco guy
\_ for the most part, not possible unless you do some very
fancy policy based routing... not worth the trouble.
\_ Okay, would it be possible to say just route vpn
traffic on one dsl line and http/ftp traffic on
the other?
\_ and make life, support and debugging a living hell?
What if one DSL line goes down? Never mind the fact
that you are probably going to get fired by your
company for compromising their vpn/intranet.
And you're going to go thru the effort to set that
up and use it for 3 whole months?
Besides, why did you let SBC/PacBell screw you like that?
\_ why would my having two dsl lines compromise
my company's security? (I own both the lines
and neither is directly connected to my company
except when I have a vpn up)
\_ Because you are trying to set up a split tunnel VPN
I am assuming you are doing that because you are
bright. If you are doing it for some other reason
then you really have a chance to get into trouble.
\_ I guess I should clarify. I have one machine
with multiple outbound connections. It acts
as a firewall/router for the other systems
at my house. It doesn't (and can't) run the
vpn software. What I want to do is to have
this machine route all the ipsec traffic
from my other machines out one interface
and route all the other traffic out the other
interface. When the other machines are using
a vpn they run in full tunnel mode so I don't
have to worry about debugging problems from
using a split tunnel.
I know the quick and dirty way to do this is
to use a bunch of static routes but I wanted
to see if there was some way that I could get
around using static routes and just route
pkts based on whether or not they were ipsec
encapsulated.
\_ Sure, no problem. Ignore the naysayers. They have different
IPs so assign a different domain or hostname, etc to each one.
Changing DNS later is trivial. You won't get fired anymore
than you would have doing what you're doing on one line.
Apache, sshd, and many other common servers can be told to
only listen on a particular ip/port. Unless you've got huge
traffic on some service you won't notice the difference but
it's a good learning experience.
\_ okay.. explain this some more then. what you're describing
still requires policy based routing to work. the machine
may set the outbound ip to one on the second dsl line
but it will still at least try to go out the first line
since that is the default route. on top of that, the
isp of the first line may drop the outbound packet since
it's not one of their own. -shac
\_ Static route to vpn server. It's the only place he
wants that line to go. You can call that 'policy
based' routing if you like. I'm not going to quibble
over terminology.
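One way to do what the original poster describes (IPsec out one line, everything else out the other) on a *BSD box with pf, as an added example that is not from anyone in this thread. It assumes modern OpenBSD pf.conf syntax; the interface names, LAN network and gateway addresses are made-up placeholders. It also addresses shac's two objections: the `pass out` rule pulls line-2-sourced packets off the default route, and the `nat-to` rules make sure each ISP only sees source addresses it owns.

```pf
# Constructed example: two DSL lines on a *BSD firewall/router.
# Default route in the kernel routing table points at $gw1 (line 1).
ext_if1 = "tun0"          # DSL line 1, carries the default route
ext_if2 = "tun1"          # DSL line 2, reserved for IPsec/VPN traffic
int_if  = "fxp0"          # LAN side
lan_net = "192.168.1.0/24"
gw1     = "192.0.2.1"     # placeholder ISP gateway, line 1
gw2     = "198.51.100.1"  # placeholder ISP gateway, line 2

set skip on lo
block return log all

# Each ISP only accepts packets sourced from its own address block, so
# rewrite the source address to whichever external interface the packet
# actually leaves on.
match out on $ext_if1 inet from $lan_net nat-to ($ext_if1)
match out on $ext_if2 inet from $lan_net nat-to ($ext_if2)

# Default: LAN traffic follows the routing table, i.e. out line 1.
pass in on $int_if inet from $lan_net to any

# IPsec from the LAN goes out line 2. pf is last-match-wins, so these
# override the catch-all above. IKE (udp/500), NAT-T (udp/4500), ESP (50)
# and AH (51) cover a full-tunnel client.
pass in on $int_if inet proto udp from $lan_net to any port { isakmp, 4500 } \
    route-to ($ext_if2 $gw2)
pass in on $int_if inet proto { esp, ah } from $lan_net to any \
    route-to ($ext_if2 $gw2)

# Anything that would otherwise leave via the default route but is
# sourced from line 2's address is forced back out line 2.
pass out on $ext_if1 inet from ($ext_if2) route-to ($ext_if2 $gw2)

# Replies to inbound connections go back out the line they arrived on,
# so a daemon bound to line 2's address does not answer via line 1.
pass in on $ext_if2 reply-to ($ext_if2 $gw2) inet proto tcp \
    to ($ext_if2) port ssh

pass out on { $ext_if1 $ext_if2 } inet keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `tcpdump -ni tun1 esp or udp port 500` confirms the VPN traffic is actually leaving on line 2. If line 2 drops, `route-to` still sends IPsec at a dead gateway, so a line-down condition has to be handled separately (ifstated or a cron check that reloads rules), which is the failure case raised earlier in the thread.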