Project

General

Profile

Actions

Feature #6022

open

Consider MLVPN for bonded VPN

Added by Michael OBrien over 8 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
New Package Request
Target version:
-
Start date:
03/24/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

In a few different situations, I've had clients require Peplink's Speedfusion for multiple-link VPN aggregation between endpoints. I'd love to be able to use an open source solution for them (pfSense, really), and saw this on GitHub:

https://github.com/zehome/MLVPN

After quick compile and config on a few FreeBSD boxes, it seems like it works pretty well. I'm no security expert, so I'm not sure if the encryption is good, but I thought it would be worth bringing to the community's attention as a possible feature!

Actions #1

Updated by Phillip Davis over 8 years ago

+1 for this functionality, whatever the actual solution used.

There are cases where a client office wants VPN connectivity up to a central office. In the easy case, the client office has multiple high-bandwidth WAN connections through different ISPs, and the required uplink speed to central office is less than 1 of these connections, so they make a single client VPN that is tied to a failover group, then it will use 1 of whichever WAN connections is up.

The single VPN link does not work when:
a) The client site wants redundancy, but not at the price of buying loads of normally-unused bandwidth. So they buy multiple smaller pipes from different ISPs and load-balance their normal internet, accepting reduced bandwidth when 1 ISP is down. They might want normal total VPN bandwidth to central office greater than any single ISP connection.

b) The client site cannot buy a fast enough single internet connection (e.g. the town is in a remote location), so they buy multiple links (maybe even with the same ISP) to achieve sufficient total bandwidth for all their users. Then they often also want the normal total VPN bandwidth to central office greater than any single ISP connection.

Some way to have MLPPP equivalent with VPN fixes these scenarios.

Actions #2

Updated by Michael OBrien over 8 years ago

Right - I've been looking for an open-source equivalent of Peplink's Speedfusion for some time, and MLVPN is just the first one I've found that is easy enough for my brain to comprehend :)

Actions #3

Updated by Adam Gibson almost 8 years ago

There appears to be a port for MLVPN now:
https://www.freshports.org/net/mlvpn/

This could be used as a basis for a pfSense package.

Actions #4

Updated by koo kim almost 8 years ago

+1

It's too bad that pfSense do not have this functionality yet
Many of us use multiple WANs please consider MLVPN or others solutions for bonded VPN

Actions #5

Updated by mark rousseau almost 8 years ago

This feature would bring high value to the product and really make it stand out from the crowd. Not many solutions are available that do this without being a bit of pain.

I would pony up some money for this feature to be implemented!

koo kim wrote:

+1

It's too bad that pfSense do not have this functionality yet
Many of us use multiple WANs please consider MLVPN or others solutions for bonded VPN

Actions #6

Updated by Mike T about 7 years ago

Has there been any traction with this? I have been looking for something like this too. I'll add to the kitty for this.

Actions #7

Updated by IT IGP over 6 years ago

any news?
we would also really love to have this!

Actions #8

Updated by Michael F about 6 years ago

+1 here...

Some countries, like where I am, we don't have a larger uplink DSL than 1MB!

more than 1MB should have the lease line solution that costs x10 of the DSL cost.
but we are having a out of country gig server, that we may tunnel the traffic to it over the N-number of the DSL.

Actions #9

Updated by Marvin Klose over 5 years ago

If someone would add something to my Bounty maybe we will get it faster?
https://forum.netgate.com/topic/144050/multi-wan-bonding-100/4

Actions #10

Updated by Jim Pingle over 5 years ago

  • Project changed from pfSense to pfSense Packages
  • Category set to New Package Request
Actions #11

Updated by James Tandy about 5 years ago

https://forum.netgate.com/topic/144050/multi-wan-bonding-150

Added my 2 cents to the forum post, and added $100 to the bounty.

Actions #12

Updated by Val Schmidt almost 4 years ago

+1 for this feature.
As I understand it (which may be incorrect), pfSense "bonding" only load-balances by number of connections blindly, without any regard to the fraction of the available bandwidth consumed on the available links. This doesn't really feel like load balancing at all, and it seems to me this feature would finally provide it.

Actions

Also available in: Atom PDF