I've enabled load-balancing on two WAN links on my EdgeRouter Lite. This EdgeRouter also sets up an OpenVPN link with an OpenVPN server in a datacenter. Since enabling the load-balancing, it tries to load-balance the outgoing VPN packets as well. In the VPN logs of the datacenter OpenVPN, I constantly get these messages logged:
    Fri Aug 19 11:21:57 2016 us=581076 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=590830 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=592087 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=592402 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=592917 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=594787 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=595342 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=596055 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=599352 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=603623 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=605334 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=606087 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=614600 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=615356 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=615567 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=616337 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=618329 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=618803 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=620106 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=627398 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=628825 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
    Fri Aug 19 11:21:57 2016 us=634355 Peer Connection Initiated with [AF_INET]91.183.42.113:1194
    Fri Aug 19 11:21:57 2016 us=635085 Peer Connection Initiated with [AF_INET]91.183.42.114:1278
Those public IPs are the WAN links on the EdgeRouter.
Bear in mind, the VPN link does actually work! However, it seems the EdgeRouter keeps sending packets on both WAN links and the OpenVPN server thinks new connections are being opened. So probabl
I've tried setting sticky options such as source-addr, dest-addr and dest-port, but this did not resolve the issue. I think this is because the VPN traffic originates from the router (it's 'local').
This is the load-balance config:
    ubnt@ubnt# show load-balance
    group WLB {
        interface eth0.10 {
            route-test {
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
            weight 50
        }
        interface eth0.11 {
            route-test {
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
            weight 50
        }
    }
This is the WAN interface setup (VLANs are used for the uplinks):
    ubnt@ubnt# show interfaces ethernet eth0
    description WAN
    duplex auto
    firewall {
        out {
        }
    }
    speed auto
    vif 10 {
        address 192.168.253.4/24
        description "Uplink 1 - 91.183.42.114"
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
    }
    vif 11 {
        address 192.168.254.4/24
        description "Uplink 2 - 91.183.42.113"
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        mtu 1500
    }
These are the firewall rules for LAN-to-LAN exclusion:
    ubnt@ubnt# show firewall modify
    modify WAN_WLB {
        rule 10 {
            action modify
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            modify {
                lb-group WLB
            }
        }
    }
Any ideas as to how I can fix this so only one WAN link is used for the OpenVPN link? I don't care which one, and hopefully it can be set up so it uses the other one in case of failure of one.
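An added example, not part of the question above, showing how the server-side symptom can be picked out of an OpenVPN log automatically: it parses "Peer Connection Initiated" lines and flags a burst of handshakes alternating between two source addresses, which points at one peer behind a multi-WAN router rather than many separate clients. The sample log is constructed from the format shown in the question; the 203.0.113.7 client, the window/threshold defaults and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the handshake line format shown in the question (timestamp, us=, peer address).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) us=(?P<us>\d+) "
    r"Peer Connection Initiated with \[AF_INET6?\](?P<addr>[^:\s]+):(?P<port>\d+)"
)

# Constructed sample: the question's burst pattern, an unrelated line, and an assumed second client (203.0.113.7).
SAMPLE_LOG = [
    "Fri Aug 19 11:21:57 2016 us=581076 Peer Connection Initiated with [AF_INET]91.183.42.114:1278",
    "Fri Aug 19 11:21:57 2016 us=590830 Peer Connection Initiated with [AF_INET]91.183.42.113:1194",
    "Fri Aug 19 11:21:57 2016 us=592087 Peer Connection Initiated with [AF_INET]91.183.42.114:1278",
    "Fri Aug 19 11:21:57 2016 us=592402 Peer Connection Initiated with [AF_INET]91.183.42.113:1194",
    "Fri Aug 19 11:21:57 2016 us=595000 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized",
    "Fri Aug 19 11:23:40 2016 us=000123 Peer Connection Initiated with [AF_INET]203.0.113.7:41000",
]

def parse_initiations(lines):
    """Return (seconds_since_epoch, 'ip:port') for every handshake line; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        events.append((ts.timestamp() + int(m.group("us")) / 1e6, f"{m.group('addr')}:{m.group('port')}"))
    return events

def find_flapping(events, window=5.0, min_events=4):
    """Report `window`-second slots holding >= min_events handshakes from two or
    more addresses that alternate on at least half of consecutive handshakes."""
    if not events:
        return []
    events = sorted(events)
    t0 = events[0][0]
    buckets = defaultdict(list)
    for t, addr in events:
        buckets[int((t - t0) // window)].append(addr)
    alerts = []
    for idx in sorted(buckets):
        addrs = buckets[idx]
        switches = sum(1 for a, b in zip(addrs, addrs[1:]) if a != b)
        distinct = sorted(set(addrs))
        if len(addrs) >= min_events and len(distinct) >= 2 and switches >= len(addrs) // 2:
            alerts.append({"window_start": t0 + idx * window, "initiations": len(addrs),
                           "addresses": distinct, "switches": switches})
    return alerts
```

Run `find_flapping(parse_initiations(open("/var/log/openvpn.log")))` against a real server log (path assumed) to separate this router-side flapping from genuine client churn.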