I have a container set up as a VPN gateway running openvpn. Anything routed through the gateway is routed through the VPN. I would like to run multiple VPN connections on the gateway and for traffic to be load balanced across those VPN connections.
Defining multiple remotes in my openvpn config as stated in the docs (https://openvpn.net/community-resources/implementing-a-load-balancing-failover-configuration/) does not result in load balanced traffic over those remotes.
If I naively run multiple instances of openvpn with different remotes, the latest takes precedence. And the first to quit removes the gateway route, so the remaining instance is no longer used.
I can create custom routes using:
route-noexec
route-up /etc/openvpn/route-up.sh
script-security 2
route-up.sh:
#!/bin/bash
# Re-add the host route to the VPN server via the original default gateway on eth0
ip route add "${trusted_ip}" via "${route_net_gateway}" dev "eth0"
This recreates the VPN route. Then if I open two concurrent VPN connections and replace the two default gateway overrides I can select which one to use:
ip r replace 128.0.0.0/1 via 10.7.7.1 dev tun[1 or 0]
ip r replace 0.0.0.0/1 via 10.7.7.1 dev tun[1 or 0]
# tun0
root@vpn-proxy:/# curl http://wtfismyip.com/text
193.56.113.7
# tun1
root@vpn-proxy:/# curl http://wtfismyip.com/text
37.120.207.182
However, if I attempt to load balance between them with equal weighted nexthops, e.g.:
ip r replace 128.0.0.0/1 scope global nexthop via 10.7.7.1 dev tun0 weight 1 nexthop via 10.7.7.1 dev tun1
ip r replace 0.0.0.0/1 scope global nexthop via 10.7.7.1 dev tun0 weight 1 nexthop via 10.7.7.1 dev tun1
DNS fails and I get nothing:
root@vpn-proxy:/# curl http://wtfismyip.com/text
curl: (6) Could not resolve host: wtfismyip.com
What am I missing in order to load balance over tun0 and tun1? Thanks!
UPDATE:
In fact the above appears to work correctly! The problem now is that the same destination always chooses the same route. It seems the route cache was removed from the Linux kernel some time ago.
How can I get it to randomly choose a route for each new connection?
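A small model of why every connection to the same destination lands on the same tun device, added here as an example and not part of the question or of OpenVPN: on kernels without a route cache, IPv4 multipath chooses a nexthop by hashing the flow, and the sysctl net.ipv4.fib_multipath_hash_policy selects whether only the addresses (0) or the addresses plus protocol and ports (1) go into that hash. The hash function below, the 10.7.7.2 source address and the 203.0.113.10 destination are constructed stand-ins; the two nexthops mirror the question's tun0/tun1 route.

```python
"""Simplified model of Linux IPv4 multipath nexthop selection.

Constructed illustration: the real kernel uses a seeded jhash, this uses
sha256 so results are reproducible. Policy values mirror the sysctl
net.ipv4.fib_multipath_hash_policy: 0 = hash L3 (src, dst),
1 = hash L4 (src, dst, proto, sport, dport).
"""
import hashlib
from typing import List, Set, Tuple

# Nexthops from the question's multipath route: both via 10.7.7.1,
# one over tun0 and one over tun1, equal weight.
NEXTHOPS: List[Tuple[str, int]] = [("tun0", 1), ("tun1", 1)]


def flow_hash(policy: int, src: str, dst: str, proto: int = 6,
              sport: int = 0, dport: int = 0) -> int:
    """Return a 32-bit flow hash under the given hash policy."""
    if policy == 0:
        key = f"{src}|{dst}"                      # L3 only: ports ignored
    elif policy == 1:
        key = f"{src}|{dst}|{proto}|{sport}|{dport}"  # L4: ports included
    else:
        raise ValueError("unsupported hash policy")
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")


def select_nexthop(h: int, nexthops: List[Tuple[str, int]] = NEXTHOPS) -> str:
    """Map a hash onto a nexthop by weighted slot, like the kernel's upper bounds."""
    total = sum(w for _, w in nexthops)
    slot = h % total
    for dev, weight in nexthops:
        if slot < weight:
            return dev
        slot -= weight
    raise AssertionError("unreachable")


def devices_used(policy: int, src: str, dst: str, dport: int, n_conns: int) -> Set[str]:
    """Devices chosen for n_conns successive TCP connections (distinct source ports)."""
    return {select_nexthop(flow_hash(policy, src, dst, 6, 40000 + i, dport))
            for i in range(n_conns)}


if __name__ == "__main__":
    for policy in (0, 1):
        print(f"policy {policy}:", sorted(devices_used(policy, "10.7.7.2", "203.0.113.10", 80, 256)))
```

With policy 0 every new connection from the gateway to one server hashes identically, which matches the behaviour in the update, so the value of that sysctl on the gateway is the first thing to check.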