Bonding of IP tunnels


 
Posted 07-04-2012

Hello.
Our company is spread over Germany.
There are main offices and branch offices.
These offices are mostly connected via multiple SDSL.
We built an IPSEC VPN infrastructure using Astaro Security Gateway appliances.
It seemed that only one VPN connection between two offices could be established.
There is no chance of bundling multiple connections to improve the availability and speed.
MLPPP is not supported.
I evaluated a solution to establish more than one VPN tunnel between two offices.
Now I directed two IP tunnels through the VPN tunnels (IPROUTE2).
These IP tunnels are bonded with ifenslave.

If I connect the internal routers directly to each other, all works fine.
A disconnected link causes no trouble.
If I connect the internal routers via the VPN tunnel, it works fine as long as both links are established. If one link is lost, only every fourth data packet will be transmitted.

Does anyone have an idea why this happens?
Is there a better way to implement multiple tunnels?

Thanks
SHOREWALL6-TUNNELS(5)						  [FIXME: manual]					     SHOREWALL6-TUNNELS(5)

NAME
       tunnels - Shorewall6 VPN definition file

SYNOPSIS
       /etc/shorewall6/tunnels

DESCRIPTION
       The tunnels file is used to define rules for encapsulated (usually encrypted) traffic to pass between the Shorewall6 system and a remote gateway. Traffic flowing through the tunnel is handled using the normal zone/policy/rule mechanism. See http://www.shorewall.net/VPNBasics.html for details.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).

       TYPE - {ipsec[:{noah|ah}]|ipsecnat|gre|l2tp|pptpclient|pptpserver|{openvpn|openvpnclient|openvpnserver}[:{tcp|udp}][:port]|generic:protocol[:port]}
           Types are as follows:

               ipsec         - IPv6 IPSEC
               ipsecnat      - IPv6 IPSEC with NAT Traversal (UDP port 4500 encapsulation)
               gre           - Generalized Routing Encapsulation (Protocol 47)
               l2tp          - Layer 2 Tunneling Protocol (UDP port 1701)
               openvpn       - OpenVPN in point-to-point mode
               openvpnclient - OpenVPN client runs on the firewall
               openvpnserver - OpenVPN server runs on the firewall
               generic       - Other tunnel type

           If the type is ipsec, it may be followed by :ah to indicate that the Authentication Headers protocol (51) is used by the tunnel (the default is :noah which means that protocol 51 is not used). NAT traversal is only supported with ESP (protocol 50) so ipsecnat tunnels don't allow the ah option (ipsecnat:noah may be specified but is redundant).

           If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and tcp or udp to specify the protocol to be used. If not specified, udp is assumed. Note: At this writing, OpenVPN does not support IPv6.

           If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and the port number used by the tunnel. If no ":" and port number are included, then the default port of 1194 will be used. Where both the protocol and port are specified, the protocol must be given first (e.g., openvpn:tcp:4444).

           If type is generic, it must be followed by ":" and a protocol name (from /etc/protocols) or a protocol number. If the protocol is tcp or udp (6 or 17), then it may optionally be followed by ":" and a port number.

       ZONE - zone
           The zone of the physical interface through which tunnel traffic passes. This is normally your internet zone.

       GATEWAY(S) (gateway or gateways) - address-or-range [ , ... ]
           The IP address of the remote tunnel gateway. If the remote gateway has no fixed address (Road Warrior) then specify the gateway as ::/0. May be specified as a network address and if your kernel and ip6tables include iprange match support then IP address ranges are also allowed.

           Beginning with Shorewall 4.5.3, a list of addresses or ranges may be given. Exclusion (shorewall6-exclusion[1](5)) is not supported.

       GATEWAY ZONE(S) (gateway_zone or gateway_zones) - [zone[,zone]...]
           Optional. If the gateway system specified in the third column is a standalone host then this column should contain a comma-separated list of the names of the zones that the host might be in. This column only applies to IPSEC tunnels where it enables ISAKMP traffic to flow through the tunnel to the remote gateway(s).

EXAMPLE
       Example 1:
           IPSec tunnel. The remote gateway is 2001:cec792b4:1::44. The tunnel does not use the AH protocol.

               #TYPE           ZONE    GATEWAY
               ipsec:noah      net     2002:cec792b4:1::44

       Example 2:
           Road Warrior (LapTop that may connect from anywhere) where the "gw" zone is used to represent the remote LapTop.

               #TYPE           ZONE    GATEWAY         GATEWAY ZONES
               ipsec           net     ::/0            gw

       Example 3:
           Host 2001:cec792b4:1::44 is a standalone system connected via an ipsec tunnel to the firewall system. The host is in zone gw.

               #TYPE           ZONE    GATEWAY                 GATEWAY ZONES
               ipsec           net     2001:cec792b4:1::44     gw

       Example 4:
           OPENVPN tunnel. The remote gateway is 2001:cec792b4:1::44 and openvpn uses port 7777.

               #TYPE           ZONE    GATEWAY                 GATEWAY ZONES
               openvpn:7777    net     2001:cec792b4:1::44

       Example 8:
           You have a tunnel that is not one of the supported types. Your tunnel uses UDP port 4444. The other end of the tunnel is 2001:cec792b4:1::44.

               #TYPE               ZONE    GATEWAY                 GATEWAY ZONES
               generic:udp:4444    net     2001:cec792b4:1::44

FILES
       /etc/shorewall6/tunnels

SEE ALSO
       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-zones(5)

NOTES
       1. shorewall6-exclusion
          http://www.shorewall.net/manpages6/shorewall6-exclusion.html

[FIXME: source]                      06/28/2012                      SHOREWALL6-TUNNELS(5)
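
The TYPE grammar and the GATEWAY columns described in this manual page can be checked before a tunnels file is deployed. The following is an added example, not part of Shorewall or of the original page: a Python checker that parses TYPE values and flags entries worth reviewing. The function names, finding messages and sample entries are constructed for illustration, and treating ipsecnat as an IPSEC tunnel for the GATEWAY ZONES check is an assumption.

```python
def _port(text):
    if not (text.isdigit() and 1 <= int(text) <= 65535):
        raise ValueError(f"bad port {text!r}")
    return int(text)

def parse_type(spec):
    """Map a TYPE value to (kind, protocol, port); raise ValueError if malformed."""
    kind, *opts = spec.split(":")
    if kind == "ipsec" and opts in ([], ["ah"], ["noah"]):
        return kind, (opts or ["noah"])[0], None       # :noah is the default
    if kind == "ipsecnat" and opts in ([], ["noah"]):  # :ah is rejected with NAT-T
        return kind, "udp", 4500
    if kind in ("gre", "l2tp", "pptpclient", "pptpserver") and not opts:
        return kind, None, None                        # fixed protocol, no options
    if kind in ("openvpn", "openvpnclient", "openvpnserver"):
        proto = opts.pop(0) if opts and opts[0] in ("tcp", "udp") else "udp"
        if len(opts) <= 1 and opts not in (["tcp"], ["udp"]):
            return kind, proto, _port(opts[0]) if opts else 1194
    if kind == "generic" and opts and opts[0]:
        if len(opts) == 1 or (len(opts) == 2 and opts[0] in ("tcp", "udp", "6", "17")):
            return kind, opts[0], _port(opts[1]) if len(opts) == 2 else None
    raise ValueError(f"invalid TYPE {spec!r}")

def audit(lines):
    """Return [(line_number, message)] for malformed or review-worthy entries."""
    findings = []
    for n, line in enumerate(lines, 1):
        cols = line.split("#", 1)[0].split()           # drop comments, split columns
        if not cols:
            continue
        try:
            if not 3 <= len(cols) <= 4:
                raise ValueError("expected TYPE ZONE GATEWAY [GATEWAY ZONES]")
            kind = parse_type(cols[0])[0]
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if "::/0" in cols[2].split(","):
            findings.append((n, "road-warrior gateway ::/0: peer address is unrestricted"))
        if len(cols) == 4 and not kind.startswith("ipsec"):  # assumes ipsecnat counts
            findings.append((n, "GATEWAY ZONES only applies to IPSEC tunnels"))
    return findings

SAMPLE = (  # constructed entries using the 2001:db8::/32 documentation prefix
    "ipsec net ::/0 gw",
    "openvpn:tcp:4444 net 2001:db8:1::44",
    "openvpn:4444:tcp net 2001:db8:1::44",
    "generic:udp:4444 net 2001:db8:1::44 gw",
)
```

Calling audit(SAMPLE) reports the road-warrior entry, the openvpn entry with port and protocol in the wrong order, and the generic entry that carries a GATEWAY ZONES column.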