Is it possible to do these on a powerful router?

[sam1275tom]

Hello guys.
I have a ADSL in my home and a free unsecure WIFI nearby, I also have a VPN account which have many different proxy server IPs I can choose, and can connect 2 client at the same time.
So I want a device to dial the ADSL, relay that WIFI, then combine them together to get a faster speed, and then dial the VPN, finally produce wired connection and an access point with a secure, fast connection.
Further more, I want it to disconnect the free WIFI and use ADSL only if the VPN is drop or fail to connect.
Finally, If possible, I want it to try different VPN servers before abort, and notify me by some ways if it is working in the ADSL only mode.
It will be more sweet if it have QOS, firewall, speed limit, access restriction...
This must be too hard for a normal router, but can I archive those by a third-party firmware, I think maybe OpenWRT? Or I have to use a more powerful device such as an old PC?
Thank you!

 

[Uneventful]

Hello guys.
I have a ADSL in my home and a free unsecure WIFI nearby, I also have a VPN account which have many different proxy server IPs I can choose, and can connect 2 client at the same time.
So I want a device to dial the ADSL, relay that WIFI, then combine them together to get a faster speed, and then dial the VPN, finally produce wired connection and an access point with a secure, fast connection.
Further more, I want it to disconnect the free WIFI and use ADSL only if the VPN is drop or fail to connect.
Finally, If possible, I want it to try different VPN servers before abort, and notify me by some ways if it is working in the ADSL only mode.
It will be more sweet if it have QOS, firewall...
This must be too hard for a normal router, but can I archive those by a third-party firmware, I think maybe OpenWRT? Or I have to use a more powerful device such as an old PC?
Thank you.

What you are looking to do is very complicated. Some of it is simple enough that it can be done with something like pfSense running on a x86 hardware or possibly one of the more advanced Linux based router firmware, but to do all of it at the level and with the intelligence you describe would almost certainly require quite a bit of custom scripting or coding in order to work. I have worked with pfSense some and I am pretty sure that it can connect to two different internet connections at the same time and provide some level of fail-over or aggregation. It has support for many different VPN connections built in, does QOS, Firewall, routing, etc. However automating the connections and making decisions based on multiple VPN connections is beyond what can setup with the standard configuration tools. If you aren't afraid to dig in and figure out how to configure and customize, then something pfSense would probably be what you are looking for. I haven't kept up with the latest third party firmware for consumer level wireless routers, so there may be some that are just as powerful as well. Good Luck! -Dave

 

[bill001g]

If you have the ability to write your own programs/scripts you likely can do it. I would also recommend a pc just because it has more memory and cpu but you might get it to work.

Your largest issue is going to be detect if something is really up or down. This is normally done with routing protocols....ie why the boxes are called routers. By adjusting the router metrics you can make the router choose the path based on availability. Unfortunately you do not control both ends of the connections and no ISP will run a routing protocol with you so you will have to find a way to do something similar. Pretty much the way most people try to do it is to force ping commands to be sent out certain interfaces and take actions based on the results.

If you can figure out the steps you would take if you were to manually sit there and do this you can write a script to issue those commands.

I suspect though you have a major flaw in your assumptions. It is a major effort to combine 2 connections together and get them to act as 1 larger connection. In the simplest case you can't send traffic out both to a remote location because you have different IP addresses and the remote location will assume it is 2 different machines. The trick some people try to do is to form 2 vpn tunnels to a vpn service and then have that vpn service NAT the 2 IP to a single ip. That only partially works but the connections must have almost identical delays to the VPN service. If not you get packets being sent out of order. Out of order data is tolerated to a point but it detected as packet loss. If you get too much the session will terminate but it causes slowness even when it is not bad enough to terminate. In your case you are going to have massive difference in the latency so you likely will have very poor results trying to use a vpn nat to combine them.

 

[sam1275tom]

Hello guys.
I have a ADSL in my home and a free unsecure WIFI nearby, I also have a VPN account which have many different proxy server IPs I can choose, and can connect 2 client at the same time.
So I want a device to dial the ADSL, relay that WIFI, then combine them together to get a faster speed, and then dial the VPN, finally produce wired connection and an access point with a secure, fast connection.
Further more, I want it to disconnect the free WIFI and use ADSL only if the VPN is drop or fail to connect.
Finally, If possible, I want it to try different VPN servers before abort, and notify me by some ways if it is working in the ADSL only mode.
It will be more sweet if it have QOS, firewall...
This must be too hard for a normal router, but can I archive those by a third-party firmware, I think maybe OpenWRT? Or I have to use a more powerful device such as an old PC?
Thank you.

What you are looking to do is very complicated. Some of it is simple enough that it can be done with something like pfSense running on a x86 hardware or possibly one of the more advanced Linux based router firmware, but to do all of it at the level and with the intelligence you describe would almost certainly require quite a bit of custom scripting or coding in order to work. I have worked with pfSense some and I am pretty sure that it can connect to two different internet connections at the same time and provide some level of fail-over or aggregation. It has support for many different VPN connections built in, does QOS, Firewall, routing, etc. However automating the connections and making decisions based on multiple VPN connections is beyond what can setup with the standard configuration tools. If you aren't afraid to dig in and figure out how to configure and customize, then something pfSense would probably be what you are looking for. I haven't kept up with the latest third party firmware for consumer level wireless routers, so there may be some that are just as powerful as well. Good Luck! -Dave

Thank you very much, I'm trying it on Virtual box, and I have a few questions...
1. It cannot assign WAN and LAN to same adapter/interface? So I cannot relay/repeat a WIFI with one Wlan card?
2. I cannot ping or enter the web management of it, I set the VM's network to "bridged" to my host's networking card, and set LAN IP to the same subnet with my real host in Pfsense, but it doesn't work.
3. Is Pfsense the best router software for PC? Are there any better choice, especially with graphic interface?
Thanks.

 

[sam1275tom]

If you have the ability to write your own programs/scripts you likely can do it. I would also recommend a pc just because it has more memory and cpu but you might get it to work.

Your largest issue is going to be detect if something is really up or down. This is normally done with routing protocols....ie why the boxes are called routers. By adjusting the router metrics you can make the router choose the path based on availability. Unfortunately you do not control both ends of the connections and no ISP will run a routing protocol with you so you will have to find a way to do something similar. Pretty much the way most people try to do it is to force ping commands to be sent out certain interfaces and take actions based on the results.

If you can figure out the steps you would take if you were to manually sit there and do this you can write a script to issue those commands.

I suspect though you have a major flaw in your assumptions. It is a major effort to combine 2 connections together and get them to act as 1 larger connection. In the simplest case you can't send traffic out both to a remote location because you have different IP addresses and the remote location will assume it is 2 different machines. The trick some people try to do is to form 2 vpn tunnels to a vpn service and then have that vpn service NAT the 2 IP to a single ip. That only partially works but the connections must have almost identical delays to the VPN service. If not you get packets being sent out of order. Out of order data is tolerated to a point but it detected as packet loss. If you get too much the session will terminate but it causes slowness even when it is not bad enough to terminate. In your case you are going to have massive difference in the latency so you likely will have very poor results trying to use a vpn nat to combine them.

Thank you.
I'm not good at script so I want something graphical...
I thought about the thing that you and Uneventful both mentioned: If I use 2 WAN connections on the same device, the server will think there are 2 devices, and may not just divide data into 2 streams... But I've heard many people doing this by 3rd-party firmwares for a long time, they call this "dual-WAN", there are even people making dual-WAN on windows client: http://www.wikihow.com/Combine-Two-Internet-Connections , what will they get?
Thank you.

 

[bill001g]

That is because there are lots of people that want this feature so bad they ignore the technical limitations. The limitations are fundamental to how TCPIP is designed and it would have to be completely replaced.

There are commercial products designed to get around the restrictions. Riverbed sells devices called wan accelerators that can solve some issues like this but you need a box that costs at least $30,000 per end and you would have to colocate that device in a vendor data center at a added charge.


A lot of this is by companys that want to sell you something so they do their very best to hide the limitations in the fine print. They just pretend that packet out of order does not slow down a connection or ignore the fact that what appears to be a single site on the internet is actually a group of servers that all need to be accessed from the same ip.

There is no free lunch, either you deal with have 2 different IP or you deal with the out of order data when you use connections with different latency.