10444 questions

12453 answers

19377 comments

21854 members

0 votes
279 views 5 comments
by

Hi,

we have a RUT955 and try to establish a connection to our VPN server via two connection. WAN (wired) which is the configured as the main WAN and mobile which is configured as "Load Balancing".

Ratio is configured with 10 to 1, but I've tried pretty much every possible ration.

When run in this configuration, the traffic when looking under Status-->Graphs-->Traffic-->Mobile is constantly 0 and under Status-->Graphs-->Traffic-->WAN (Wired) always around 7 kB/s.

If I turn around the configuration (Mobile becomes main WAN and Wired becomes "Load Balancing"), load balancing works just fine. Since the wired WAN connection is the more reliable one, I'd like to keep this as my main WAN.

FW ver.: RUT9XX_R_00.06.07

Any ideas whats the matter with this?

Ian

1 Answer

0 votes
by
Hi,

What is the VPN you're running?

Load balancing might not work with this set-up as VPN uses one IP on each side to establish the tunnel, so let's say you're running load balancing - it will use a random interface to establish if it's undefined in the settings and even then it might not work as it supposed to. In most of the cases VPN service requires its own failover or load balancing development to make it work as some of the services do not know when to restart and what interfaces to use when one of the interfaces break.

EB.
Best answer
by
Hi EB,

thank you for your quick response. Not sure what you mean with "what is the VPN you're running"? You mean this is something I can define in the Teltonika settings or does this has to be defined in the configuration of the VPN server?

Or would I technically need another VPN certificate and a second IP to make that work?

Regards Ian
by
Well, there are loads of VPN services and sometimes just "VPN" is not enough to indicate what protocols, tunneling, phases, configuration types "VPN" uses. For example IPSec, OpenVPN, DMVPN, Stunnel, L2TP, WireGuard, Zerotier and so on.

EB.
by

Oh I see, we use OpenVPN. But for now I disabled VPN. So what I did now is ping with the mobile interface

ping -I 3g-ppp 8.8.8.8 wich works just fine:

then unplug the WAN wire and do a pin without the -I option. And nothing happens at all. It doesn't do a ping until I plug in the WAN wire. Once WAN is pluged in, the ping starts with the wired Interface.

The tcpdump file looks like this. I started pinging at around 25 seconds. Plugged inthe wire at around 46 seconds.

I would expect, that pings are eaqually distributed between WAN (wired) and mobile. But the mobile ping only works when specifing the mobile interface.

by
Load balancing in this case splits the services between interfaces, not the packets themselves, so with the ping, it will take the main WAN connection, but if you like to try to browse something or do speed tests - it will take a random interface according to the proportions set in load balancing, so if it's 5 on mobile and 5 on wired, it will split the services into 50/50 chance. One time you open the page it will use mobile, another time there's a 50/50 chance that after refresh it will load with the wired wan connection.

EB.
by
Ok in that case I probably have to look into running a second tunnel somehow and assign the mobile interface to get a higher availability.

Thank you EB!