Load balancing PPTP connections

1

I am trying to load balance two PPTP connections, both connected to the same server. I use the following script, but nothing is sent or received over the PPTP connections. Which part am I doing wrong? Are there better ways to accomplish this? I also used the nexthop mode of the ip route command, but the problem there is that multiple connections to the same IP are routed through the same interface.

#!/bin/bash

VPNSERVER=x.x.x.x

# Enable IP forwarding and disable reverse-path filtering, which would
# otherwise drop replies that arrive on a tunnel other than the one the
# main routing table would have chosen.
sysctl -w net.ipv4.ip_forward=1
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

# Create a new table for the physical interface, so that the PPTP control
# connection (TCP 1723) and the GRE packets always leave via eth0
physip=$(ip addr show eth0 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)
echo "Physical interface's IP: $physip"
ip route flush table 10
ip route add default via $physip dev eth0 table 10
ip rule add from $physip table 10
ip rule add fwmark 10 table 10

# Replace default gateway
ip route replace default via 127.0.0.1

# Do not mark packets going to the PPTP server. These rules have to sit in
# the mangle table's OUTPUT chain, ahead of the marking rules appended
# below; a plain "-A OUTPUT" lands in the filter table, which is traversed
# after mangle and has no effect on marking.
iptables -t mangle -A OUTPUT -d $VPNSERVER -p gre -j ACCEPT
iptables -t mangle -A OUTPUT -d $VPNSERVER -p tcp --dport 1723 -j ACCEPT

# Restore the saved connection mark, then skip already-classified
# connections. Forwarded traffic passes PREROUTING; locally generated
# traffic (which the balancing rules below mark) only passes OUTPUT,
# so the mark has to be restored in both chains.
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j ACCEPT

# Bring up two tunnels to the same server, bound to the physical address.
# "updetach" makes pppd return only once the link is up, so ppp101 and
# ppp102 exist before their addresses are read below.
pppd unit 101 noauth refuse-eap refuse-pap refuse-chap \
    refuse-mschap require-mschap-v2 name "user01" remotename \
    vpnserver file /etc/ppp/options.pptp maxfail 1 updetach \
    pty "pptp $VPNSERVER --localbind $physip --nolaunchpppd" &> /dev/null

pppd unit 102 noauth refuse-eap refuse-pap refuse-chap \
    refuse-mschap require-mschap-v2 name "user01" remotename \
    vpnserver file /etc/ppp/options.pptp maxfail 1 updetach \
    pty "pptp $VPNSERVER --localbind $physip --nolaunchpppd" &> /dev/null

# Get interface IP addresses
ifip1=$(ip addr show ppp101 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)
ifip2=$(ip addr show ppp102 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)

# Create a unique routing table for each connection, selected either by
# the tunnel's own source address or by its firewall mark
ip route flush table 101
ip route add default dev ppp101 table 101
ip rule add from $ifip1 table 101
ip rule add fwmark 101 table 101

ip route flush table 102
ip route add default dev ppp102 table 102
ip rule add from $ifip2 table 102
ip rule add fwmark 102 table 102

# Load balance connections: MARK does not end chain traversal, so every
# NEW packet reaches both rules, and each rule's nth counter matches
# alternating packets (even ones -> 101, odd ones -> 102).
iptables -t mangle -A OUTPUT -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 101
iptables -t mangle -A OUTPUT -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 102

# Rewrite the source address to match the chosen tunnel, so replies come
# back through it
iptables -t nat -A POSTROUTING -m mark --mark 101 -j SNAT --to-source $ifip1
iptables -t nat -A POSTROUTING -m mark --mark 102 -j SNAT --to-source $ifip2

# Persist the mark on the conntrack entry for the rest of the connection
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
    
by Ali Alidoust 31.01.2014 / 19:57

1 answer

0

Here is the final solution I used:

#!/bin/bash

server=x.x.x.x
# $dev was never set in the posted script; eth0 is assumed here, as in the question
dev=eth0
physip=$(ip addr show $dev | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)

# Bring up two tunnels to the same server, bound to the physical address.
# "persist" reconnects after a drop; "updetach" returns once the link is
# up, so ppp101 and ppp102 exist before their addresses are read below.
pppd unit 101 noauth refuse-eap refuse-pap refuse-chap \
        refuse-mschap require-mschap-v2 name user01 remotename \
        vpnserver file /etc/ppp/options.pptp persist maxfail 1 updetach \
        pty "pptp $server --localbind $physip --nolaunchpppd" &> /dev/null

pppd unit 102 noauth refuse-eap refuse-pap refuse-chap \
        refuse-mschap require-mschap-v2 name user01 remotename \
        vpnserver file /etc/ppp/options.pptp persist maxfail 1 updetach \
        pty "pptp $server --localbind $physip --nolaunchpppd" &> /dev/null

# Per-tunnel addresses, used as the SNAT source below
ifip1=$(ip addr show ppp101 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)
ifip2=$(ip addr show ppp102 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1)

# Rewrite the source address by outgoing interface, so replies return on
# the same tunnel the packet left through
iptables -t nat -A POSTROUTING -o ppp101 -j SNAT --to-source $ifip1
iptables -t nat -A POSTROUTING -o ppp102 -j SNAT --to-source $ifip2

# Equal-weight multipath default route over both tunnels
ip route flush cache
ip route replace default scope global nexthop dev ppp101 weight 1 nexthop dev ppp102 weight 1
    
by 18.11.2016 / 12:04
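As an added example, not the poster's script and not the answer's: the question's CONNMARK-based per-connection balancing generalised to any number of tunnels, combined with the answer's per-interface source NAT, with a dry-run mode that prints the rules so the generated set can be reviewed before it is applied. It assumes tunnels named ppp<unit>, fwmark and routing-table numbers equal to the unit number, and MASQUERADE in place of an explicit SNAT address.

```sh
#!/bin/sh
# Added example, not the poster's script: CONNMARK-based per-connection
# balancing over N PPTP tunnels. Assumptions: tunnels are named ppp<unit>,
# and each tunnel's fwmark and routing-table number equal its unit number.
# DRY_RUN=1 prints the commands instead of executing them.

run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: pptp_balance <unit> <unit> [<unit> ...]
pptp_balance() {
    n=$#
    [ "$n" -ge 2 ] || { echo "need at least two ppp units" >&2; return 1; }

    # Locally generated traffic only traverses OUTPUT, so restore the saved
    # connection mark there; already-classified flows skip the round-robin.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    run iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j ACCEPT

    i=0
    for unit in "$@"; do
        # Per-tunnel routing table, selected by the tunnel's fwmark.
        run ip route flush table "$unit"
        run ip route add default dev "ppp$unit" table "$unit"
        run ip rule add fwmark "$unit" table "$unit"
        # MARK does not end chain traversal, so every NEW packet reaches all
        # n rules; each rule's own nth counter matches packet i of every n,
        # which hands out the marks in strict round-robin order.
        run iptables -t mangle -A OUTPUT -m conntrack --ctstate NEW \
            -m statistic --mode nth --every "$n" --packet "$i" \
            -j MARK --set-mark "$unit"
        # Source NAT by outgoing interface so replies return on the same tunnel.
        run iptables -t nat -A POSTROUTING -o "ppp$unit" -j MASQUERADE
        i=$((i + 1))
    done
    # Persist the mark on the conntrack entry for the rest of the connection.
    run iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
}

if [ "$#" -gt 0 ]; then pptp_balance "$@"; fi
```

Run it as `DRY_RUN=1 ./balance.sh 101 102` to inspect the rules, then without DRY_RUN (as root, after the tunnels are up) to apply them.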