I'm looking to solve the following problem in the cleanest, most succinct way. I would prefer to use a single device / server to accomplish this, but realize that I might need to pull together some additional tools to accomplish it. I thought it might be best to start here to get some feedback as to what's feasible. It looks like perhaps ClearOS or Untangle's solution might work, but I'm not entirely solid on the details of what may be needed yet.
Effectively I want to accomplish this (diagram):
As far as verbalizing it goes, I'll take a stab here and anyone can feel free to correct me or my thought process or terminology as I go.
I need to set up a gateway / firewall server that takes a primary ISP in and a secondary ISP as a backup (failover, but not always plugged in unless it's needed). I then need to serve an OpenVPN connection to the main network. This will also have a DNS server and provide DHCP to the LAN.
All traffic will pass over this OpenVPN connection, but I also need to provide a proxy service that will allow certain clients on the LAN to use the direct ISP(s) for connectivity instead of the VPN if they so choose. (i.e. some machines may want all their traffic to pass over the ISP, and those that do will have a SOCKS proxy server to meet their needs.)
QoS will likely be part of the equation at some point, but it is not yet fully determined. It's likely that the wireless router that provides direct ISP traffic will be rate limited.
Finally, if the VPN occasionally has connectivity issues, I'll need to connect to a different node. If one experiences a problem, it will try to connect to the next in a round-robin fashion until it has a connection. I suspect I can handle that from a tertiary server that will have a script or daemon that I can build that will trigger the OpenVPN reconnect and round-robining if needed, as I doubt anything has such functionality built in at present.
Any thoughts on what options exist to accomplish this? As I noted, I suspect I'll have to tie a few different services or servers together ultimately, but would prefer to keep this as simple and clean as possible. XenServer with a couple virtual machines has worked "ok" up to this point, but I haven't been able to pull all of the pieces in the diagram together.
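The failover step sketched in the question (probe the tunnel, and after repeated failures move to the next VPN node, wrapping round to the first) as an added example, not code from the post. OpenVPN can itself hold several `remote` lines and try them in turn; this is the external watchdog variant, driven by an end-to-end probe through the tunnel. It assumes a Linux gateway where each node has its own client profile started via the systemd template `openvpn-client@<node>`, a node list file, and a probe address reachable only over the tunnel (`10.8.0.1` is a placeholder).

```shell
#!/bin/sh
# Added example (not the poster's code): probe a host reachable only through the
# tunnel and, after MAX_FAILS misses in a row, restart OpenVPN on the next node in
# round-robin order. Assumed layout: /etc/openvpn/client/<node>.conf per node, run
# via the systemd template openvpn-client@<node>; NODES_FILE lists node names.
NODES_FILE="${NODES_FILE:-/etc/openvpn/nodes.list}"
STATE_FILE="${STATE_FILE:-/run/vpn-watchdog.idx}"   # index of the active node
PROBE_HOST="${PROBE_HOST:-10.8.0.1}"                 # placeholder: server's tunnel address
MAX_FAILS=3
INTERVAL=30

# load_nodes FILE: node names with '#' comments, surrounding space and blank lines removed.
load_nodes() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//;s/[[:space:]]*$//' -e '/^$/d' "$1"
}

# current_index STATE: stored index, or 0 when the state file is missing or garbage.
current_index() {
    idx=$(cat "$1" 2>/dev/null || echo 0)
    case "$idx" in ''|*[!0-9]*) idx=0 ;; esac
    echo "$idx"
}

# advance NODES STATE: step to the next node (wrapping to the first), persist the
# new index and print that node's name. Fails when the node list is empty.
advance() {
    total=$(load_nodes "$1" | wc -l | tr -d ' ')
    [ "$total" -gt 0 ] || return 1
    idx=$(( ($(current_index "$2") + 1) % total ))
    echo "$idx" > "$2"
    load_nodes "$1" | sed -n "$(( idx + 1 ))p"
}

# tunnel_up: true only if the probe host answers through the tunnel (Linux iputils flags).
tunnel_up() { ping -c 1 -W 2 "$PROBE_HOST" >/dev/null 2>&1; }

# watchdog: probe every INTERVAL seconds; fail over on MAX_FAILS consecutive misses.
watchdog() {
    fails=0
    while :; do
        if tunnel_up; then fails=0; else fails=$(( fails + 1 )); fi
        if [ "$fails" -ge "$MAX_FAILS" ]; then
            node=$(advance "$NODES_FILE" "$STATE_FILE") || { logger -t vpn-watchdog "no nodes listed"; exit 1; }
            systemctl stop 'openvpn-client@*' && systemctl start "openvpn-client@$node"
            logger -t vpn-watchdog "tunnel unreachable, switched to $node"
            fails=0
        fi
        sleep "$INTERVAL"
    done
}
if [ "${1:-}" = "run" ]; then watchdog; fi
```

Running it with the argument `run` (for example from a systemd service on the gateway) starts the loop; without it the file only defines the functions.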