Vpn With Channel Bonding

Currently using Zerotier as a self-healing mesh VPN and have considered revisiting my own journey on Channel Bonding (I actually use the paid service when I travel for bonding public wifi, phone rather and 4g data card in laptop). Speedify VPN is a free VPN provider for Hotstar, Disney Plus, Youtube, and HBO premium plans with over 37 server locations. Although there are no ads and fast network connection speeds to stream enhanced quality content on the streaming sites, there is a data limit of 2GB per month.

The Only Enterprise VPN That Seamlessly and Securely Combines, Optimizes and Transitions Between Wi-Fi and Cellular Networks, Boosting Throughput 2x to 10x or More

The Only VPN with Massively Scalable Back-end Optimization that Delivers 2x to 10x or Greater Improvements in Throughput by Eliminating Wasted Bandwidth

Today’s streaming applications, cloud environments and wireless networks increasingly generate jitter – now the leading cause of throughput collapse, resulting in video that randomly pauses, stalled applications and dropped connections, even when plenty of bandwidth is available. This means a large percentage of bandwidth is wasted, killing network performance as well as employee productivity. Paying for more bandwidth isn’t the solution!

Roaming VPN includes the only patented back-end network optimization solution capable of eliminating jitter-induced throughput collapse for all types of traffic – encrypted, unencrypted or compressed. Bandwidth previously lost to jitter-induced throughput collapse is recaptured, resulting in 2x – 10x or greater improvements in throughput. Roaming VPN delivers these impressive results with unmatched scalability, supporting network traffic speeds of more than 1 Tb per second, with over 10 million simultaneous sessions and 50,000 new sessions per second. Roaming VPN’s back-end network optimization component is single-ended and can be installed in an on-premises data center, or as a VM in a cloud environment.

Only Roaming VPN offers Seamless Channel Bonding that Combines, Optimizes and Continuously Transitions Between LTE and Wi-Fi Connections Without Packet Loss or Performance Degradation

Wireless network environments are crowded with Wi-Fi hotspots, LTE dead zones, and constant switching between LTE and Wi-Fi, and from one Wi-Fi network to another. Roaming VPN hides these transitions and eliminates packet loss, as it combines and optimizes the bandwidth of all the user’s available connections. Users have the experience of always being on a single high-performing network, even when they’re constantly changing locations.

Wireless networks are also frequently subject to RF interference, fading and channel access conflict, creating jitter that leads to throughput collapse over the entire network path between the user’s mobile device and the application server, not just the wireless segment. Only Roaming VPN overcomes this by combining its patented back-end network optimization component on-premises or in the cloud, with its VPN application on the user’s laptop or other mobile device.

Roaming VPN offers the Ultimate Security Solution for Both the Employee’s Mobile Device, and their Employer’s Network and Data

Roaming VPN uses the latest VPN encryption technologies, and ensures that payload data, including tunneling headers, are hidden from public view. In the back-end network, Roaming VPN’s next generation optimization uses an algorithmic approach that requires no payload access. Traditional dual-ended optimization tools that need unencrypted payload access for de-duping and compression add encryption/decryption delays at each endpoint that slow performance, in addition to imposing the maintenance overhead and security risk of exposing sensitive data and encryption keys to a third-party solution – significant drawbacks now that over 80% of internet traffic is encrypted.

Only Roaming VPN Fills the Performance and Security Gaps as Enterprises Adopt SD-WAN for their Move to the Cloud

SD-WAN’s rapid enterprise adoption has accelerated with the move to the cloud. The reason is SD-WAN enables internet traffic to be offloaded from leased line and MPLS links to less expensive broadband, allowing direct branch office-to-cloud and branch-to-internet connectivity. The architectural and cost advantages are obvious. However, enterprises typically make two faulty assumptions when they select an SD-WAN solution:

  1. The first faulty assumption is that SD-WAN can optimize performance by choosing the best available network path among broadband, LTE, 5G, MPLS, Wi-Fi or any other available link. The problem is that SD-WAN makes decisions based on measurements at the edge, but it has no control beyond that. What if all paths are bad? Some SD-WAN vendors bundle network optimization solutions to address this. However, these tools typically rely on de-duping and compression techniques that do nothing to address jitter-induced throughput collapse, and even make it worse for the more than 80% of internet traffic that’s encrypted by requiring payload access that adds encryption / decryption overhead. In cloud environments, VM crosstalk and hypervisor packet transfer delays compound jitter from hosted applications that transmit data in random bursts, contributing to throughput collapse before traffic even enters the network. Only Roaming VPN’s back-end optimization, whether in the cloud, or an on-premises data center can address these issues and improve performance for all types of traffic.
  2. The second faulty assumption is that because most SD-WAN vendors offer IPsec, SD-WAN must be secure. The problem is SD-WAN bypasses MPLS VPN connections that funneled all traffic to a corporate data center where security policy was applied before moving on to its destination. Even though IPsec protects traffic as it moves from branch office-to-cloud, there’s no protection for break-ins or malware for direct branch-to-cloud traffic. You often have to create an IPsec VPN overlay by deploying devices at the branch office and cloud head-end. This will require additional infrastructure and management tools, unless you use Roaming VPN.

Roaming VPN Offers the Lowest Possible Mobile Device Power Consumption

In head-to-head tests against other VPNs that feature channel bonding, Roaming VPN demonstrated the lowest mobile device battery consumption – nearly 50% less than the closest competitor. Employees will turn off a VPN that drains their battery, preventing enterprises from taking advantage of the cost-savings, security and productivity improvements a VPN can offer.

Roaming VPN Future-Proofs Enterprise Networks for 5G

The rollout of 5G will result in constant 5G to Wi-Fi transitions as in-building Wi-Fi becomes the fallback for blocked high-frequency short range 5G signals that can’t penetrate building walls and energy efficient windows. Another important factor is that during the transition to 5G, LTE will serve as the backup network for 5G, just as 3G has for 4G, requiring frequent switching between them.

In addition, 5G networks will require at least 10 times the number of cells due to shorter signal ranges and higher frequencies, making jitter due to fading and RF interference an even greater factor. Roaming VPN’s back-end optimization that eliminates jitter-induced throughput collapse, combined with its mobile device VPN application’s seamless, secure transition between wireless networks will be even more critical with 5G.

  • Ideas
  • Custom Linux
    • Server Configuration
    • Client Configuration
  • pfSense
  • ZeroShell

Preferably bond multiple 3G modems together to create a stable, faster connection. I am trying to aggregate 3 unstable connections into one.

  • Bond 2-3 OpenVPN tun interfaces.
    • LAGG
    • Kernel Bonding
      • LACP (Stable connections, same BW)
  • Linux Advanced Routing & Traffic Control - http://lartc.org/

Notes

  • It should have been easy: http://evilprojects.org/2009/09/howto-setup-openvpn-channel-bonding-on-multiple-umts-uplinks.html
  • Route VPNs through interfaces using port numbers.

I tested with Debian. Once it gets greater than two modems I will post some real results. I was able to get what I wanted working, but it did not seem that much faster over the 2x 3G modems. I do not know if it was the latent speed or whatnot, but we will see.

I would like to try 3 to 4 of them and really see what happens.

Server Configuration

I used a Debian VPS because I wanted to route all my traffic out to the internet through the bond.

OpenVPN

The tap configuration is a bit different than the tun configuration. Since it works at layer 2, you do not need to worry about layer 3 details like IPs in the config file.

Set up a CA, certs, and ta.key: http://wiki.hackspherelabs.com/index.php?title=OpenVPN#Setup but here are some commands for reference:

You need some openvpn config files in /etc/openvpn/ and here is an example of a tap server openvpn config file:

You need a vpn server for each modem that you want to bond. You will need to configure a different port and ip for each one while also a different tap interface.

You need to stop and disable openvpn from starting because the bonding.sh script will call openvpn.

Bonding Script

You also need the utilities that this script calls

Take note of the 'modprobe bonding mode=0 miimon=100' line. I use zero because I would like to try and combine the BW of both modems. The bonding mode is important depending on what you would like to do:

Possible values are:

  • balance-rr or 0 - Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.
  • active-backup or 1 - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
  • balance-xor or 2 - XOR policy: Transmit based on the selected transmit hash policy. The default policy is a simple $(\text{source} \oplus \text{destination}) \bmod n_{\text{slaves}}$. Alternate transmit policies may be selected via the xmit_hash_policy option. This mode provides load balancing and fault tolerance.
  • broadcast or 3 - Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.
  • 802.3ad or 4 - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification. (Need Switch Support)
  • balance-tlb or 5 - Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave. (Need Switch Support)
  • balance-alb or 6 - Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation.

More info here: http://www.linuxfoundation.org/collaborate/workgroups/networking/bonding
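As an added illustration (not part of the original wiki page), this shell example applies the round-robin rule and the XOR formula above to a bond of two taps between one client and one server. The MAC addresses are constructed, and hashing only the last octet of each address is an assumption made to keep the arithmetic visible.

```shell
#!/bin/sh
# Added illustration (not from the original page): which slave carries each
# frame under balance-rr (mode 0) versus balance-xor (mode 2).
# Assumption: the XOR hash is taken over the last octet of each MAC address.

# rr_slave SEQ N -> slave index for the SEQ-th frame under round-robin.
rr_slave() {
    echo $(( $1 % $2 ))
}

# xor_slave SRC_MAC DST_MAC N -> slave index under the page's formula
# (source XOR destination) % n_slaves.
xor_slave() {
    a=${1##*:}    # last octet of the source MAC, hex
    b=${2##*:}    # last octet of the destination MAC, hex
    echo $(( (0x$a ^ 0x$b) % $3 ))
}

# distribution MODE FRAMES N SRC DST -> per-slave frame counts, e.g. "3 3".
distribution() {
    mode=$1; frames=$2; n=$3; src=$4; dst=$5
    counts=""
    s=0
    while [ "$s" -lt "$n" ]; do
        c=0; i=0
        while [ "$i" -lt "$frames" ]; do
            if [ "$mode" = rr ]; then pick=$(rr_slave "$i" "$n")
            else pick=$(xor_slave "$src" "$dst" "$n"); fi
            if [ "$pick" -eq "$s" ]; then c=$((c + 1)); fi
            i=$((i + 1))
        done
        counts="$counts${counts:+ }$c"
        s=$((s + 1))
    done
    echo "$counts"
}

# Constructed sample: one client bond talking to one server bond over 2 taps.
SRC=02:00:00:00:00:0a
DST=02:00:00:00:00:0b
echo "balance-rr : $(distribution rr 6 2 "$SRC" "$DST")"
echo "balance-xor: $(distribution xor 6 2 "$SRC" "$DST")"
```

With a single pair of endpoints, balance-xor pins every frame to one slave, so only balance-rr spreads one conversation across both links. The cost is that frames can arrive out of order when the links differ in latency.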

Cleanup Script

You will also want to clean up after the bonding script on exit or whenever you need to:

Client Configuration

Configuring the modems, VPNs, bonding, and forwarding to connect and route to the VPN server.

USB Drive/Modem CD Rom Eject

I have some novatel wireless usb modems. They have built in mini sd card holders and emulated cdrom drives on them for drivers. To get them to work in linux or bsd you need to eject the drive.

The first step is to disable some settings for the USB devices in Windows. You cannot get around it. I had to disable 'Enable Removable Disk' and 'Enable CD-ROM Disk' in the card manager software that I installed in Windows (VZAccess Manager).

You would think that disabling the drive would disable it all the way. It does not. You have to make the OS eject it on plugin.

The next step is to get the OS to eject the CD drive:

After you plug the device in edit /etc/udev/70-persistent-cd.rules find your device (Novatel_Mass_Storage) and add:

You will have to do this for each modem of this type.


Testing Modem with wvdial

I used wvdial to test the modem. It looks like pppd accepts .chat scripts too. Here is my wvdial conf script:


Replace 5555555555 with your device's phone number. I can't remember what the no auth option is. It was actually working with any number...so...

pppd and chat scripts

We are going to use pppd to manage and connect to the modems.

I used the commands:


I put the command in a pppup.sh file along with an & char and they would not finish running. I have to look into it.

This is the chat script I use for Verizon:

OpenVPN on the Client

Install openvpn:

Disable automatic startup:

You need your ta.key and client.p12 file from the server. Get them to the client.

You need a client config for each modem:

Once again you will have to change the tap interface number and remote server port.
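The per-modem server and client configs described above differ only in tap number and port, so they can be generated as matched pairs. This is an added example, not the original page's configs: the base port 1194, the certificate file names (other than ta.key and client.p12) and vpn.example.org are assumptions.

```shell
#!/bin/sh
# Added example (not the wiki's own configs): one OpenVPN tap config pair per
# modem link. Assumed: base port 1194, cert file names, vpn.example.org.
BASE_PORT=1194

# link_port N -> UDP port for link N; fails unless N is a plain number.
link_port() {
    case $1 in
        ''|*[!0-9]*) echo "link index must be a number" >&2; return 1 ;;
    esac
    echo $(( BASE_PORT + $1 ))
}

# server_conf N -> server side of link N (tapN), written to stdout.
server_conf() {
    port=$(link_port "$1") || return 1
    cat <<EOF
dev tap$1
proto udp
port $port
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
EOF
}

# client_conf N SERVER -> client side of link N; key direction mirrors the server.
client_conf() {
    port=$(link_port "$1") || return 1
    cat <<EOF
dev tap$1
proto udp
remote $2 $port
nobind
tls-client
remote-cert-tls server
pkcs12 client.p12
tls-auth ta.key 1
EOF
}

# Constructed usage: print both sides for two links instead of writing files.
for n in 0 1; do
    echo "# --- server tap$n ---"; server_conf "$n"
    echo "# --- client tap$n ---"; client_conf "$n" vpn.example.org
done
```

Each link gets its own tap device and UDP port, while the tls-auth key direction (0 on the server, 1 on the client) and remote-cert-tls stay the same on every link.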

Make a scripts dir in /etc/openvpn and put these two files in it:

Bonding Script

Here is the script that you will use to connect to the server and bond the taps. You will first need to install some commands called by it:

Edit it with your openvpn config file locations.

Cleanup Script

To clean the client vpn/routes/bond:

NAT Forwarding as Internet Gateway

The entire reason I wanted to do this was to forward internet traffic through multiple modems. So on my debian box:

Uncomment: #net.ipv4.ip_forward=1

You then can forward incoming traffic with:

And put the line in it so we can call the file later when we want.

On the server you want to forward traffic from bond0, and on the client from whatever interface you want to share from/turn into a gateway.

If you use ufw you will need to do it in the ufw files.

  • http://mailman.ds9a.nl/pipermail/lartc/2007q3/021307.html - OpenVPN failover bond tun0
  • http://forums.debian.net/viewtopic.php?f=10&t=67794


  • With the USB760 modem you need to eject the drive before it works.

This needs to be automated. This thread suggests a devd rule: http://forum.pfsense.org/index.php/topic,43285.0.html

bsd router/firewall/more

The modem worked great once I ejected it. I did not see the type of bonding I wanted. I am 99% sure this can do layer 3 load balancing though.

I did not go further atm.

  • With the UML290:
    • the dial command is not #777 but instead *99***3#
    • Username is: devicephone#@vzw4g.com
    • Password is: vzw


Notes

  • http://blog.martinshouse.com/2012/01/multi-wan-multi-lan-no-nat-routing-with.html - Failover - Different than LAGG

Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available in the form of Live CD or Compact Flash image and you can configure and administer it using your web browser.

  • Says it supports VPN Bonding
  • 3G support (+It is linux)


I was able to get ZeroShell to work. It has a nice interface but is made to be run off a live cd. I need the flexibility of a custom router.

To get my modem to work I had to move the eject command from a 32bit fedora rpm to the system.

ZeroShell does VPN bonding just like the one that I made in this article.

Notes

  • http://www.zeroshell.net/eng/forum/viewtopic.php?t=2969&sid=1a794e9b20193f03e3c5306f93faf4e9 - However I tried doing this using various permutations, over multiple 3G connections and whilst it did work, if one of the connections in the bond fails, it doesn't fail particularly gracefully.
  • http://www.zeroshell.net/eng/forum/viewtopic.php?t=1487&sid=3743889f4a3a308582ee5ac6f4899dba - I am trying to get aggregate bandwidth by bonding multiple vpn connections over 3g dongles and keep running into the following issues


Retrieved from 'https://wiki.hackspherelabs.com/index.php?title=Connection_and_VPN_Bonding&oldid=2313'