I'm trying to configure a Linux machine as a router with multiple VPN connections on board for my intranet. At the moment there are 2 VPN gateways on the machine. I want them to be used randomly for each connection the router gets.
It's OK for me to have the same IP for the same host (flow-based load balancing based on a hash over the source and destination addresses).
I want to say right away that currently I'm not using the machine as a router. I do every test on the machine. And there are no router-like problems (iptables, masquerading and other stuff).
I found a similar question, Two ISPs and multipath gateway configuration, and tried to use nexthops, but faced a problem: after applying this configuration I'm not able to connect to any host (talking about HTTP(S)).

    scope global default nexthop via vpn-gateway-1-ip weight 1 nexthop via vpn-gateway-2-ip weight 1
If I use only one VPN as a gateway everything works well.
    default via vpn-gateway-1-ip
    default via vpn-gateway-2-ip

Also, there is something interesting with ping in dual-VPN mode (let's call it that).

    $ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=6 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=8 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=10 ttl=119 time=271 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    11 packets transmitted, 5 received, 54,5455% packet loss, time 10079ms
    rtt min/avg/max/mdev = 270.648/270.672/270.691/0.016 ms

As you see, I receive only half of the responses.
I tried to ping the same address after a while and got an interesting result: on the third try I received a response only for the first packet.

    $ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=270 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=270 ms
    64 bytes from 8.8.8.8: icmp_seq=6 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=8 ttl=119 time=279 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    8 packets transmitted, 4 received, 50% packet loss, time 7067ms
    rtt min/avg/max/mdev = 270.264/272.631/279.198/3.793 ms
    $ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=271 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=270 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    4 packets transmitted, 2 received, 50% packet loss, time 3026ms
    rtt min/avg/max/mdev = 270.292/270.453/270.615/0.161 ms
    $ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=271 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    29 packets transmitted, 1 received, 96,5517% packet loss, time 28627ms
    rtt min/avg/max/mdev = 270.649/270.649/270.649/0.000 ms
I'm not sure that I'm doing the correct things to configure dual-VPN. Can you please help me find a resolution?
P.S.
    Linux pc 5.4.0-45-generic #49-Ubuntu SMP Wed Aug 26 13:38:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
    No LSB modules are available.
    Distributor ID: Linuxmint
    Description:    Linux Mint 20
    Release:        20
    Codename:       ulyana

The VPN is OpenVPN over TCP.

    default nexthop via 10.16.0.1 dev tun0 weight 1 nexthop via 10.81.0.1 dev tun1 weight 1
    10.16.0.0/16 dev tun0 proto kernel scope link src 10.16.0.4
    10.81.0.0/16 dev tun1 proto kernel scope link src 10.81.0.2
    x.x.x.x via 192.168.2.1 dev enswww
    y.y.y.y via 192.168.2.1 dev enswww
    192.168.2.0/24 dev enswww proto kernel scope link src 192.168.2.254 metric 101
    192.168.3.0/24 dev enslll proto kernel scope link src 192.168.3.252 metric 100

where x.x.x.x and y.y.y.y are the IPs of the VPN gateways, and enswww (w for WAN) and enslll (l for LAN) are the physical interfaces.
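An added shell example (editor's code, not part of the question or any answer) for checking a multipath default route like the one above before sending traffic through it. It parses `ip route show` output into one line per nexthop (both the one-line form pasted above and the indented multi-line form iproute2 normally prints), counts the nexthops, and reports the kernel's `net.ipv4.fib_multipath_hash_policy` sysctl, which decides whether a "flow" is hashed on addresses only (0) or on the full 5-tuple (1). The `ROUTE_SAMPLE` table is a constructed copy of the poster's listing so the script runs offline; on a live box pipe the real `ip route show` into `default_nexthops` instead.

```shell
#!/bin/sh
# Added example: inspect an ECMP (multipath) default route from `ip route show`
# output and report the kernel's multipath hash policy.
# Not the poster's code; ROUTE_SAMPLE is a constructed copy of the question's
# routing table (x.x.x.x / y.y.y.y are the poster's own placeholders).
ROUTE_SAMPLE='default nexthop via 10.16.0.1 dev tun0 weight 1 nexthop via 10.81.0.1 dev tun1 weight 1
10.16.0.0/16 dev tun0 proto kernel scope link src 10.16.0.4
10.81.0.0/16 dev tun1 proto kernel scope link src 10.81.0.2
x.x.x.x via 192.168.2.1 dev enswww
y.y.y.y via 192.168.2.1 dev enswww
192.168.2.0/24 dev enswww proto kernel scope link src 192.168.2.254 metric 101
192.168.3.0/24 dev enslll proto kernel scope link src 192.168.3.252 metric 100'

# Read `ip route show` text on stdin; print "gateway dev weight" per nexthop of
# the default route. Handles the one-line form above, the multi-line form
# ("default" followed by indented "nexthop ..." lines) and a plain single
# "default via ..." route (reported with weight 1).
default_nexthops() {
    awk '
        function flush() {
            if (gw != "" || dev != "") print gw, dev, weight
            gw = ""; dev = ""; weight = "1"
        }
        BEGIN { weight = "1" }
        /^default/ { collecting = 1 }
        # A non-indented line that is not "default" starts another route.
        collecting && !/^default/ && !/^[ \t]/ { flush(); collecting = 0 }
        collecting {
            for (i = 1; i <= NF; i++) {
                if ($i == "nexthop")     flush()
                else if ($i == "via")    gw = $(i + 1)
                else if ($i == "dev")    dev = $(i + 1)
                else if ($i == "weight") weight = $(i + 1)
            }
        }
        END { if (collecting) flush() }
    '
}

# Number of nexthops on the default route (stdin = `ip route show` text).
nexthop_count() {
    default_nexthops | wc -l | tr -d ' '
}

# Human-readable meaning of net.ipv4.fib_multipath_hash_policy values.
describe_hash_policy() {
    case "$1" in
        0) echo "0: L3 hash (source/destination addresses): one path per host pair" ;;
        1) echo "1: L4 hash (5-tuple including ports): one path per connection" ;;
        2) echo "2: L3 hash on inner headers of encapsulated packets when present" ;;
        *) echo "$1: unrecognised value" ;;
    esac
}

# Report the running kernel's policy (requires a readable /proc; no root needed).
check_hash_policy() {
    f=/proc/sys/net/ipv4/fib_multipath_hash_policy
    if [ -r "$f" ]; then
        describe_hash_policy "$(cat "$f")"
    else
        echo "$f not readable on this system"
    fi
}

# Demo against the constructed sample; replace with `ip route show | ...` live.
printf '%s\n' "$ROUTE_SAMPLE" | default_nexthops
printf 'nexthops on default route: %s\n' "$(printf '%s\n' "$ROUTE_SAMPLE" | nexthop_count)"
check_hash_policy
```

With the table above the script lists `10.16.0.1 tun0 1` and `10.81.0.1 tun1 1`. To see which of the two a particular flow is assigned on the live machine, `ip route get 8.8.8.8` prints the nexthop the kernel selects for that destination, which is the quickest way to confirm that the hash policy is distributing flows the way the question expects rather than alternating per packet.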