Topic: Can I achieve failover with a radio link and VPN over PPPoE?
mosocms
« on: Monday 01 November 2010, 06:38:28 am »

Hi everybody!

In the following scenario:

Code:
                              |---------------------|
                --------------| radio link (54Mbps) |----------------
               /              |---------------------|                \
              /                                                       \
              |                                                       |
       |------------|        |------------------------|        |------------|
       | endian-001 |--------| VPN over PPPoE (2Mbps) |--------| endian-002 |
       |------------|        |------------------------|        |------------|
              |                                                       |
              |                                                       |
      |- 192.168.1.0 -|                                       |- 192.168.2.0 -|
      |       |       |                                       |       |       |
      |       |       |                                       |       |       |
|--------|    |    |--------|                           |--------|    |    |--------|
| client |    |    | client |                           | client |    |    | client |
|--------|    |    |--------|                           |--------|    |    |--------|
              |                                                       |
              |                                                       |
         |--------|                                              |--------|
         | server |                                              | server |
         |--------|                                              |--------|

can I achieve failover with a radio link and VPN over PPPoE?

Each Endian server has three interfaces: one goes to the internal switch, one to the radio and another to the ADSL modem.

Clients in endian-001 network (192.168.1.0/24) need access to server in endian-002 network (192.168.2.0/24).  The reverse also is true.

I want to go, by default, by the radio link (faster).

But if radio link goes down for any reason I would like to continue having access by the VPN over PPPoE automatically.

And later, when radio link comes back, change default route to it again.

Can Endian deal with this scenario?

If yes, can you tell me how to do it?

Any help is welcome...
xsidx
« Reply #1 on: Monday 01 November 2010, 09:21:21 am »

Yes, you can do it! But I will need to know more about your setup to walk you through the process, although I think I replied to another similar post you had on this subject.

How is your radio uplink set up? (NIC to modem?)

How is your ADSL set up? (NIC to modem? Also, is this an actual DSL provider like BellSouth, and is it a standard internet line, just with 2Mbps as you stated?)

How many network interfaces do you have on as red interfaces? (Check under Network Interfaces and see if you have "Main" and "Uplink1", giving you 2 red interfaces.)

Are they static IPs? (This is one of the most important things to have when considering a VPN connection.)

If you like, send me a PM with the info if you don't want to post it.

mosocms
« Reply #2 on: Tuesday 02 November 2010, 05:49:54 am »

Hi xsidx!

Today I have only a radio link between the sites.

This is the actual scenario:

Code:
|-----------|                                                       |
|           |eth0                     |---------|                   |
|  site 01  |-------------------------| radio 1 |192.168.19.252     | building 01
|           |192.168.19.1             |---------|                   |
|-----------|                              /                        |
      |eth1                               /-/
      |192.168.1.1                         /
      |                               |---------|                   |
      |                               | radio 2 |192.168.19.253     |
|-----------|                         |---------|                   |
| switch 01 |                              |                        |
|-----------|                              |                        |
                                           |                        |
                                     |-----------|                  |
                                     | switch 03 |                  | building 03
                                     |-----------|                  |
                                           |                        |
|-----------|                              |                        |
| switch 02 |                              |                        |
|-----------|                         |---------|                   |
      |                               | radio 3 |192.168.19.162     |
      |                               |---------|                   |
      |eth1                                /
      |192.168.2.1                        /-/
|-----------|                              /                        |
|           |eth0                     |---------|                   |
|  site 02  |-------------------------| radio 4 |192.168.19.152     | building 02
|           |192.168.19.2             |---------|                   |
|-----------|                                                       |

Sometimes one of the radios crashes and needs to be rebooted.  We have difficult access to building 03.

So the idea is to use VPNs on PPPoE (ADSL) to provide failover in case we lose connection/routing by the radios.

The ADSL links are 2Mbps with static IPs on each site.

Thanks for your attention!
xsidx
« Reply #3 on: Tuesday 02 November 2010, 09:48:39 am »

Yes, you can do what you're thinking of.

But in your diagram you did not show the place of your Endian firewall/router.

Do you already have the sites connected via VPN?

Does each site have a dedicated ISP?

Also, what is the purpose of those switches laid out in building 2? Are those internal switches just under each site they are connected to, or are they linking up your buildings as well? (That part of your diagram kind of confused me.)

Another thing: are you hosting anything between sites that requires high amounts of bandwidth, like video streaming?

And last but not least, is your radio link an ISP like "Anewbroadband" connecting to a tower, or do you just have an end at each building linking you up to each other? I noticed those IPs don't look like public IPs.

It looks like I am asking a lot of questions, but I am trying to understand all the main points and info needed so I can have a clearer picture of exactly what you are dealing with.
mosocms
« Reply #4 on: Wednesday 03 November 2010, 04:20:19 am »

Hi again xsidx!

Quote
but in your diagram you did not show the place of your endian firewall/router.

Where I put "site 01" and "site 02" you can read "actual gateway today" (a Slackware box with two NICs).

These "site 01" and "site 02" will be the Endian machines on each side.

Quote
Do you already have the sites connected via VPN?

No, still no VPN, just direct connections between "site 01" and "site 02" by the radio links.

Quote
Does each site have a dedicated ISP?

Yes, ADSL links ready but still not in use.  Modems will be connected in bridge mode to each Endian server in "site 01" and "site 02".

Quote
Also, what is the purpose of those switches laid out in building 2? Are those internal switches just under each site they are connected to, or are they linking up your buildings as well? (That part of your diagram kind of confused me.)

Switches connected in "site 01" and "site 02" are just representing the local networks of each site (192.168.1.0/24 in site-01 and 192.168.2.0/24 in site-02).

Quote
Another thing: are you hosting anything between sites that requires high amounts of bandwidth, like video streaming?

No, in site-01 there is a MySQL server that serves both site-01 and site-02 machines.

And frequently I need to use VNC to help users on site-02.

Quote
And last but not least, is your radio link an ISP like "Anewbroadband" connecting to a tower, or do you just have an end at each building linking you up to each other? I noticed those IPs don't look like public IPs.

Just an end at each building linking up to each other.

The scenario was simplified; actually there are seven little offices (sites) that run an application that needs to access the MySQL server on site-01.

Until a little time ago the only way of connecting these sites was by the radio links.

Now I have the option of using ADSL (1 or 2MBps only, depending on the site) but with your help and Endian I think that we can achieve failover.

I know that the ADSL links are slow but some connectivity is better than none.

Again, thanks for your help!
xsidx
« Reply #5 on: Wednesday 03 November 2010, 05:47:33 pm »

OK, with the scenario that you have, my best opinion would be to set up your ADSL connection on each Endian as your "Main Uplink" (RED), then set your radio link as "Secondary Uplink". Use your ADSL line and set up a VPN on it; this will give you the VPN connection to your other sites. Now your radio link will be your secondary RED; you will use a routing policy to tell Endian to route traffic through this link. Failover is as easy as checking the box that says use backup uplink if link fails. Set this policy with the service or port that your SQL server uses to communicate with your other sites, so that only the needed traffic is routed this way.

Make sure that you set failover only on your secondary uplink (radio link) to fail over to your DSL line, but do not do that for your main uplink, as your radio link will not give it internet access, as it is working as a gateway-to-gateway configuration. This failover is only meant to be there for your SQL traffic to be rerouted to your DSL line via VPN in case the radio link drops, but the site's main way out to the net is ADSL nonetheless.

I have not tried this, but in theory it should work. If you set it up and come up with any problems, let me know and I'll try to help out.

I do have several sites connecting with each other via VPN at my work; for servers and AD authentication this works flawlessly, but I am not using a radio link as a bridge. I don't know the required bandwidth of your SQL server, but if it isn't too great you might not need the radio link at all. Also, you can opt for a better ADSL line with higher upload bandwidth that may give you what's needed to just use one link for everything.

And when it comes to VNC use, I recommend TeamViewer; I have found it to be a lot smoother, imo.
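Added example, not part of the thread and not Endian's own mechanism: the failover discussed above, sketched for a plain Linux gateway at site 01 such as the Slackware boxes mentioned in the thread. It probes the peer across the radios (a radio in building 03 can crash while eth0 stays up, so link state alone will not show the failure), withdraws the radio route after repeated losses, restores it after sustained recovery, and keeps an `unreachable` route so inter-site traffic never follows the default route if both paths are gone. The addresses come from the thread's diagrams; `tun0`, the metrics and the thresholds are assumptions.

```shell
#!/bin/sh
REMOTE_LAN=192.168.2.0/24   # site 02 LAN
RADIO_PEER=192.168.19.2     # site 02 gateway, on-link across the radio bridge
RADIO_DEV=eth0
VPN_DEV=tun0                # assumption: interface of the site-to-site VPN
FAIL_AFTER=3                # lost probes in a row before leaving the radio path
RECOVER_AFTER=5             # good probes in a row before returning to it

# next_state STATE STREAK PROBE -> "STATE STREAK"  (STATE radio|vpn, PROBE ok|fail)
# STREAK counts consecutive probes that contradict STATE, so a flapping
# radio has to stay up (or down) for a while before routes change.
next_state() {
    case "$1:$3" in
        radio:ok|vpn:fail) echo "$1 0"; return ;;
    esac
    n=$(($2 + 1))
    if [ "$1" = radio ] && [ "$n" -ge "$FAIL_AFTER" ]; then echo "vpn 0"
    elif [ "$1" = vpn ] && [ "$n" -ge "$RECOVER_AFTER" ]; then echo "radio 0"
    else echo "$1 $n"
    fi
}

# route_cmds STATE -> ip(8) commands that make the routing table match STATE.
# The VPN and unreachable routes are always asserted; only the preferred
# metric-10 radio route is added or withdrawn.
route_cmds() {
    echo "ip route replace $REMOTE_LAN dev $VPN_DEV metric 20"
    echo "ip route replace unreachable $REMOTE_LAN metric 1000"
    if [ "$1" = radio ]; then
        echo "ip route replace $REMOTE_LAN via $RADIO_PEER dev $RADIO_DEV metric 10"
    else
        echo "ip route del $REMOTE_LAN metric 10"
    fi
}

watch_link() {   # needs root; probes every 5 s and applies the routes
    state=radio streak=0
    while :; do
        if ping -c 1 -W 2 -I "$RADIO_DEV" "$RADIO_PEER" >/dev/null 2>&1
        then probe=ok; else probe=fail; fi
        set -- $(next_state "$state" "$streak" "$probe")
        [ "$1" != "$state" ] && logger -t linkwatch "inter-site path: $state -> $1"
        state=$1 streak=$2
        route_cmds "$state" | while read -r cmd; do $cmd 2>/dev/null || true; done
        sleep 5
    done
}

if [ "${1:-}" = run ]; then watch_link; fi
```

Because the probe target is on-link on eth0, it keeps testing the radio path even while inter-site traffic is using the VPN, which is what allows the automatic return to the radio.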