Consider MLVPN for bonded VPN
In a few different situations, I've had clients require Peplink's Speedfusion for multiple-link VPN aggregation between endpoints. I'd love to be able to use an open source solution for them (pfSense, really), and saw this on GitHub:
After quick compile and config on a few FreeBSD boxes, it seems like it works pretty well. I'm no security expert, so I'm not sure if the encryption is good, but I thought it would be worth bringing to the community's attention as a possible feature!
#1 Updated by Phillip Davis about 5 years ago
+1 for this functionality, whatever the actual solution used.
There are cases where a client office wants VPN connectivity up to a central office. In the easy case, the client office has multiple high-bandwidth WAN connections through different ISPs, and the required uplink speed to central office is less than 1 of these connections, so they make a single client VPN that is tied to a failover group, then it will use 1 of whichever WAN connections is up.
The single VPN link does not work when:
a) The client site wants redundancy, but not at the price of buying loads of normally-unused bandwidth. So they buy multiple smaller pipes from different ISPs and load-balance their normal internet, accepting reduced bandwidth when 1 ISP is down. They might want normal total VPN bandwidth to central office greater than any single ISP connection.
b) The client site cannot buy a fast enough single internet connection (e.g. the town is in a remote location), so they buy multiple links (maybe even with the same ISP) to achieve sufficient total bandwidth for all their users. Then they often also want the normal total VPN bandwidth to central office greater than any single ISP connection.
Some way to have MLPPP equivalent with VPN fixes these scenarios.
#5 Updated by mark rousseau about 4 years ago
This feature would bring high value to the product and really make it stand out from the crowd. Not many solutions are available that do this without being a bit of pain.
I would pony up some money for this feature to be implemented!
koo kim wrote:
It's too bad that pfSense do not have this functionality yet
Many of us use multiple WANs please consider MLVPN or others solutions for bonded VPN
#8 Updated by Michael F over 2 years ago
Some countries, like where I am, we don't have a larger uplink DSL than 1MB!
more than 1MB should have the lease line solution that costs x10 of the DSL cost.
but we are having a out of country gig server, that we may tunnel the traffic to it over the N-number of the DSL.
#9 Updated by Marvin Klose almost 2 years ago
If someone would add something to my Bounty maybe we will get it faster?
#11 Updated by James Tandy over 1 year ago
Added my 2 cents to the forum post, and added $100 to the bounty.
#12 Updated by Val Schmidt 3 months ago
+1 for this feature.
As I understand it (which may be incorrect), pfSense "bonding" only load-balances by number of connections blindly, without any regard to the fraction of the available bandwidth consumed on the available links. This doesn't really feel like load balancing at all, and it seems to me this feature would finally provide it.