[Firewall] Multirouting over vpn tunnels

Lonnie Abelbeck lists at lonnie.abelbeck.com
Thu Sep 24 23:21:24 CEST 2015

Hi Erik,

I'll first qualify my response that I have not used the multiroute plugin, but possibly I can add something...

First, in order to "max out my connection speed" understand where the weak-link (so to speak) is.  Usually the OpenVPN tunnel is limited by the slowest endpoint's crypto speed, so unless the remote endpoint's crypto speed is the weak-link no amount of routing tricks will fix that.

So let's presume that your OpenVPN remote endpoints are the limiting factor, and multi-routing between two different endpoints will improve your overall VPN speed.

So in your example, the MULTIROUTE_EXT_IP1 / MULTIROUTE_EXT_ROUTER1 pair must both be on the same subnet, MULTIROUTE_EXT_IP1 is the local tun1 address and MULTIROUTE_EXT_ROUTER1 is the remote (next-hop) gateway address, which depends on the OpenVPN "Topology" setting.  The key point here is both IP addresses must be in the realm of the "tun" interface. Ditto for the second OpenVPN tunnel.

Just guessing, if you can't find an example of doing this via Google, it probably doesn't work.

This might be useful reading:
HOWTO: Multirouting with Linux


On Sep 24, 2015, at 2:54 PM, Erik Norman Stetter <e.n.stetter at gmail.com> wrote:

> Hello,
> I'm trying to set up the multiroute plugin for usage with multiple vpn tunnels, to max out my connection speed.
> I have two tun-adapters, tun1 and tun2, created by openvpn, each having the same external ip of course.
> So I configure the plugin like this:
> # Settings for the first interface:
> # ------------------------------------------------------------------------------
> MULTIROUTE_EXT_ROUTER1=<IP of the first vpn server>
> MULTIROUTE_EXT_IP1=<the external ip of my tun adapters>
> # Settings for the second interface:
> # ------------------------------------------------------------------------------
> MULTIROUTE_EXT_ROUTER2=<IP of the second vpn server>
> MULTIROUTE_EXT_IP2=<the external ip of my tun adapters>
> When I start the firewall the plugin puts out:  Error: either "to" is duplicate, or "equalize" is a garbage.
> Which is right because "to", is indeed a duplicate. 
> Why can't I use the plugin the way I intend to? Is there a solution to this, or does any of you know an alternative way of doing this? 
> -- 
> Erik Norman Stetter
> e.n.stetter at gmail.com
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
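
A small checker for the two conditions discussed in this thread, added here as an example (it is not part of either message and is not the multiroute plugin's own code): each MULTIROUTE_EXT_IPn / MULTIROUTE_EXT_ROUTERn pair sharing a subnet, and the same local address appearing in more than one uplink. The addresses are constructed documentation values and `prefixlen` is an assumed tun subnet size that depends on the OpenVPN topology in use.

```python
import ipaddress
import re

# Matches shell-style assignments such as MULTIROUTE_EXT_ROUTER1=10.8.0.1
VAR = re.compile(r"^\s*MULTIROUTE_EXT_(ROUTER|IP)(\d+)=(\S+)\s*$")

# Constructed sample: public VPN server addresses as routers, one shared local IP
AS_ASKED = """
MULTIROUTE_EXT_ROUTER1=198.51.100.10
MULTIROUTE_EXT_IP1=203.0.113.5
MULTIROUTE_EXT_ROUTER2=198.51.100.20
MULTIROUTE_EXT_IP2=203.0.113.5
"""

# Constructed sample: local tun address and tunnel next hop per uplink
AS_ADVISED = """
MULTIROUTE_EXT_ROUTER1=10.8.0.1
MULTIROUTE_EXT_IP1=10.8.0.2
MULTIROUTE_EXT_ROUTER2=10.9.0.1
MULTIROUTE_EXT_IP2=10.9.0.2
"""

def parse_multiroute(text):
    """Return {index: {"ROUTER": addr, "IP": addr}} from the config text."""
    links = {}
    for line in text.splitlines():
        m = VAR.match(line)
        if m:
            kind, idx, value = m.groups()
            links.setdefault(int(idx), {})[kind] = ipaddress.ip_address(value.strip('"'))
    return links

def check_multiroute(text, prefixlen):
    """List problems; prefixlen is the assumed size of each tun subnet."""
    problems, seen = [], {}
    for idx, link in sorted(parse_multiroute(text).items()):
        ip, router = link.get("IP"), link.get("ROUTER")
        if ip is None or router is None:
            problems.append(f"link {idx}: needs both EXT_IP and EXT_ROUTER")
            continue
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        if router not in net:
            problems.append(f"link {idx}: router {router} is outside {net}")
        if ip in seen:
            problems.append(f"link {idx}: EXT_IP {ip} already used by link {seen[ip]}")
        seen.setdefault(ip, idx)
    return problems
```
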