Using a 3G USB Dongle as a Backup Channel for Ethernet
Source: Internet | Editor: 程序博客网 | Time: 2024/05/17 06:29
I have an internet connected Ubuntu server, connected by Ethernet to a residential ADSL line. This is adequate, most of the time, but I can't rely upon the ADSL link to be as reliable as I'd like. Murphy's law has already dictated that down-time comes when it is least convenient.
I'd like to use a 'pay-as-you-go' 3G USB dongle to provide a fail-over. I'm lacking information both about sample configurations that work for other people - and about the most suitable (inexpensive) hardware for my purposes. The objective is that, when my ADSL line is disconnected, the server detects this and dials up the 3G service - monitoring the ADSL line and switching back seamlessly when its connection is restored.
The principal service I care about is an OpenVPN tunnel - over UDP to a remote server. The other useful service would be Squid - so I'd still have web-access from my LAN when ADSL is disconnected.
Questions:
- How difficult would this be to set up?
- Would I be forced to 'roll my own' - or are there packages/howtos I've overlooked?
- What (inexpensive) hardware is recommended (concerned with unattended reliability - mainly)?
- Any anecdotes of success or failure from others who've tackled this already?
5 Answers
We have a couple of smaller Edimax 3G routers that have 1 WLAN, 1 LAN and USB for a 3G stick. The LAN port can be configured to be part of the LAN or as the primary WAN port (3G acting as failover). I'm not affiliated with Edimax and we use them on the road or at conventions for their size (and one of the ones we have is battery powered).
Having said that I would go with a setup in the ubuntu server.
Answers:
- Easy if you are an experienced server admin. Otherwise, if you are willing to spend the time to learn and understand what you are doing, it's doable for a power user.
- I don't know about available packages, but
change to 3g - script example:
    pon YourIsp-name
    route del default gw "your_adls_defaultGW"
    route add -host "ping_or_other_test_host_for_checking_adsl_route" gw "your_adls_defaultGW"
    "do_other_stuff_like_restart_openvpn_maybe"
change to adsl - script example:
    poff YourIsp-name
    route add default gw "your_adls_defaultGW"
    route del -host "ping_or_other_test_host_for_checking_adsl_route" gw "your_adls_defaultGW"
    "do_other_stuff_like_restart_openvpn_maybe"
Using DHCP with ADSL will screw this simple example and you have to either modify /etc/resolv.conf with every change or use open DNS servers like Google 8.8.8.8 (or your own resolver). Now.. monitoring is a bit more difficult, but putting something like this in cron (don't, this is a naive example) will give you failover to 3G and back.
    ping -q -c 2 "ping_or_other_test_host_for_checking_adsl_route" && TARGETUP=1 || TARGETUP=0
    echo $TARGETUP
    # "=" rather than "==" so the test also works under cron's default /bin/sh
    if [ "$TARGETUP" = 1 ] ; then
        # test host answers over ADSL: make sure ADSL is the active route
        rm -f /tmp/.adsl_down
        [ -e /tmp/.adsl_up ] || ( PATH_TO_YOUR_ADSL_UP_SCRIPT && touch /tmp/.adsl_up )
    else
        # test host is silent: fail over to 3G
        rm -f /tmp/.adsl_up
        [ -e /tmp/.adsl_down ] || ( PATH_TO_YOUR_3G_UP_SCRIPT && touch /tmp/.adsl_down )
    fi
Three) See Edimax 3g routers ( zeroshell linuxfw-distribution looks like zeroshell has failover in it, so get a cheap pc for a router and use zeroshell. I haven't tested it though )
Four) Test, persist and when failover is needed for the first time, it's going to fail (because of something stupid...).
I'm not sure that you need squid for this setup unless to speed up 3g connection with local cache of most common pages you visit..
Have you considered any hardware-based solutions, as I can see most posters using software solutions?
Not sure of how much you want to spend but a DrayTek Vigor 2830n would accommodate your needs. There may be cheaper alternatives, but this is the one I've used at two different sites and has functioned exceptionally well.
There are 3 WAN connectivity options on this device: the standard ADSL line, Ethernet connection and 3G dongle. You can set this up just using the ADSL and 3G dongle and using the router itself. The 3G dongle does not need to be in 'load-balance mode' but in pure WAN-backup mode only.
Having re-read the original post, I'd like to add that you can even restrict VPN traffic only over the 3G dongle to minimise bandwidth cost on your 3G dongle.
I have done this many times for customers and I have not found a ready-made system for this, so I have always rolled my own. The steps that Manwe has given you are more or less what I do when I need them, but I will paste here some crude bash scripts I am using (when I have time I want to make this much better in Python).
Basically I check whether I have internet or not and whether I am using the WAN backup, and make the changes needed:
    #!/bin/bash
    PATH="/bin:/sbin:/usr/bin:/usr/sbin"
    primary_gw="192.168.1.1" # for example
    check_one="8.8.8.8"
    check_two="8.8.4.4"

    # exit 0 when the host did not answer; 2>&1 so that ping's own
    # "Network is unreachable" error on stderr is seen by grep as well
    no_reply() {
        ping -c 1 -W 1 "$1" 2>&1 | grep -qE '(unreachable|100% packet loss)'
    }

    # first we check the internet connection
    if no_reply "$check_one" && no_reply "$check_two"
    then
        # we don't have internet
        if [ -e /tmp/wan_backup ]
        then
            # we are using the backup right now: try to change to the primary connection
            ./script_change_to_primary.sh && rm /tmp/wan_backup
        else
            # otherwise change to the WAN backup
            # (called script_change_to_backup.sh in the original post; the file shown below is script_change_to_secondary.sh)
            ./script_change_to_secondary.sh && touch /tmp/wan_backup
        fi
    fi

    # if we are using the WAN backup right now, check whether the primary connection works
    if [ -e /tmp/wan_backup ]
    then
        # temporary host routes force the test pings through the primary gateway
        ip route add "$check_one" via "$primary_gw"
        ip route add "$check_two" via "$primary_gw"
        sleep 2
        if no_reply "$check_one" && no_reply "$check_two"
        then
            # it does not work: clean up the routes and stay on the backup
            ip route del "$check_one" via "$primary_gw"
            ip route del "$check_two" via "$primary_gw"
        else
            # it works, so change the active connection
            ip route del "$check_one" via "$primary_gw"
            ip route del "$check_two" via "$primary_gw"
            ./script_change_to_primary.sh
            rm /tmp/wan_backup
        fi
    fi
Given that you only want your server to use 3G if ADSL goes down, I would use iptables SNAT or masquerade only on the ADSL interface and I would block access to Squid in ./script_change_to_secondary.sh. Your files could be:
script_change_to_secondary.sh
    #!/bin/bash
    pon 3gIsp # this one is going to change the default route of the server anyway
    # drop squid connections; you could disable here the boot snat or masquerade for adsl
    # but given your adsl is not active I don't see the need anyway
    iptables -I INPUT -s LAN_IP_RANGE -d SERVER_IP -p tcp --dport 3128 -j DROP
script_change_to_primary.sh
    #!/bin/bash
    poff 3gIsp
    iptables -D INPUT -s LAN_IP_RANGE -d SERVER_IP -p tcp --dport 3128 -j DROP
    /etc/init.d/openvpn restart
You should also have a bash script in /etc/ppp/ip-up.d/ containing "/etc/init.d/openvpn restart"; this way, every time you connect to a ppp provider your OpenVPN will restart automatically.
Well, like I have said, it is a bit ugly and crude but it works :) If you find an integrated, clean solution for this, please let me know :) One good thing about rolling your own is that you have complete control of the system. This is an oversimplification of what I do for some customers that have two or three connections alive at the same time, with load balancing and QoS all integrated with scripts that detect connection problems and change the routes and the QoS.
If you prefer an integrated solution to a roll-your-own, you can use a distribution like Zentyal. It supports what you want to use, but it is a complete distribution tailored to create a small business server. I usually prefer to configure my servers on my own, but this is a good distribution that can be managed via the web.
1) Not too difficult - run a task and check for the status of your DSL - when it fails, start up the 3G interface and fail over the default route. You might need to restart your VPN as well.
2 & 3) Never checked for a prebuilt package myself, as my favourite firewall does include that feature by default. Check www.astaro.com (the software appliance is free for home use, or you can use the default 30-day trial for testing)
4) Never had any significant problems with WAN failovers (other than the backup line also being down)
tsg
I think you could use keepalived to ping a remote internet address (Google mayhaps) every .. 30 seconds with some timeout. If the ping times out configure keepalived to shutdown eth0 and bring up the 3G interface then restart your VPN.
You should consider delays etc. when configuring keepalived so that it does not switch interfaces when not needed. Some testing/experiments will be needed. I can't think of a way to revert to the ADSL line when it's back alive though.
If you have a router between the ADSL modem and your server, or the modem has an external address that you can ping, you could probably use that as the criterion for reverting the connection.
KeepaliveD site
Hope that can get you started!
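An added example, not code from any of the answers: a debounced failover decision in POSIX sh that switches to 3G only after several consecutive failed probes and back to ADSL only after several consecutive good ones, which covers both the "does not switch interfaces when not needed" point and the revert question. The thresholds, `TEST_HOST` and the two script paths are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the answers. Thresholds, TEST_HOST, paths are assumed.
FAIL_LIMIT=3    # consecutive failed probes before switching to 3G
OK_LIMIT=5      # consecutive good probes before switching back to ADSL
INTERVAL=10     # seconds between probes
TEST_HOST="192.0.2.1"                            # documentation address, replace
UP_3G_SCRIPT="/usr/local/sbin/change_to_3g"      # hypothetical path
UP_ADSL_SCRIPT="/usr/local/sbin/change_to_adsl"  # hypothetical path

# next_state STATE COUNT PROBE  ->  prints "NEWSTATE NEWCOUNT ACTION"
#   STATE adsl|3g (active uplink), COUNT consecutive probes contradicting it,
#   PROBE ok|fail (result of probing TEST_HOST through the ADSL gateway)
next_state() {
    case "$1:$3" in
        adsl:ok|3g:fail) echo "$1 0 none" ;;   # probe agrees with state: reset
        adsl:fail)
            if [ $(($2 + 1)) -ge "$FAIL_LIMIT" ]; then echo "3g 0 to_3g"
            else echo "adsl $(($2 + 1)) none"; fi ;;
        3g:ok)
            if [ $(($2 + 1)) -ge "$OK_LIMIT" ]; then echo "adsl 0 to_adsl"
            else echo "3g $(($2 + 1)) none"; fi ;;
    esac
}

# replay PROBE...: feed constructed probe results through next_state, starting
# on ADSL, and print the switch actions that would have been taken.
replay() {
    state=adsl; count=0; actions=""
    for probe in "$@"; do
        read -r state count action <<EOF
$(next_state "$state" "$count" "$probe")
EOF
        [ "$action" = none ] || actions="$actions $action"
    done
    echo "${actions# }"
}

# monitor: long-running loop; needs the host route pinning TEST_HOST to ADSL.
monitor() {
    state=adsl; count=0
    while :; do
        if ping -q -c 2 -W 2 "$TEST_HOST" >/dev/null 2>&1; then probe=ok; else probe=fail; fi
        read -r state count action <<EOF
$(next_state "$state" "$count" "$probe")
EOF
        case "$action" in to_3g) "$UP_3G_SCRIPT" ;; to_adsl) "$UP_ADSL_SCRIPT" ;; esac
        sleep "$INTERVAL"
    done
}
```

Call `monitor` from an init script or service unit rather than cron, since the counters live in the running process.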