In the last episode I rented a server in order
to build my own VPN service. The idea was to change my geo-location and
possibly get access to services which are not available where I live. In this first episode of the VPN bonding series
we will use a VPN connection to a virtual server just like the one which I have rented
in order to bundle multiple internet connections into one and hence possibly double, triple
or quadruple my internet speed. We will do this by using multiple Wifi hotspots
like this one or personal hotspots from an iPhone or Android device or of course multiple
cable or DSL connections. The solution is manual for the time being
but if you are looking for an automated solution please see my call to action at the end of
this video. (intro) Like many of us I do not see my parents that
often these days. My father will soon be 80 years old, but he
does have a smartphone and he is using WhatsApp. So recently I thought – why not just give
him a video call ? He was actually very surprised when he saw my mug on his phone. Unfortunately we could not have a proper conversation
because of bandwidth limitations. My parents live in the countryside, so they
have all the advantages of a rural environment – that is space, nature, calm, good air
and so on. However, when it comes to infrastructure,
things are not always so great. Their internet connection for example. I live in the city and have a 100 Mbit downlink
and a 40 Mbit uplink. The best my parents can get over cable or
DSL is 6 Mbit down and 1 or 2 Mbit up. That’s a bit short for good video communication. You might say – why don’t they just buy
a faster connection – well, the problem is that they would probably do so if they
could, but there is just nobody selling these. This is hard to understand if you live in
Chicago or Tokyo or Frankfurt, but it is a reality in the countryside. Now as I am a techie I thought maybe there
is a technical solution to this problem. My idea was to use a second and maybe a third
and fourth connection and bundle them together. Either they could buy a second phone line
or use a wireless 3G or even 4G connection and aggregate it with the existing line. In essence, if they can’t buy a larger pipe
why not build one out of many small pipes ? Checking Youtube for faster Internet connection,
the available videos fall into three categories. The first category that actually has the most
views are prank videos that promise double speed for free. While these might have an entertaining value,
they do not provide a solution, so their technical value is zero. The second category are videos that promote
a paid service. Some of these videos are not even clear that
if you subscribe to such a service, additional costs will be incurred – the service providers
will obviously not give you access to their infrastructure for free. Furthermore, these services are not necessarily
available everywhere, but can sometimes only be purchased in certain regions or even cities. So these do not provide any useful input either. The third category of videos that I found
deals either with proprietary or open solutions to aggregate connections but usually they
do not increase the bandwidth but rather provide fail-over or resiliency solutions or just
bridge connections together. That might actually give you higher bandwidth
if you have many users using the internet connection or if you are doing P2P file sharing
or anything similar. The reason is the way the TCP/IP protocol
works. When TCP/IP was designed by the military back
in the 70s, a main requirement was resiliency in a sense that if a node in the network went
down, information could still be routed over other nodes. Using multiple paths simultaneously for one
connection in order to increase the bandwidth had never been an initial requirement. So if you bundle two connections together
and you were for example watching a video over these connections, all the traffic would
still go over one single line. If a second person was watching another video,
that single connection could go over the second line, so the total bandwidth would be higher,
but not for one single given connection. What we therefore need is a fourth way of
doing things. As I have just said, just adding more internet
connections to your home network would not solve the problem as the other side, that
means the server or peer that you are trying to reach in the internet is not aware that
you want to use multiple connections or paths – that’s just by design. So how can this be solved ? Basically, we
would need a solution that can aggregate or bond multiple connections into one, then spread
the IP packets equally over the multiple connections, reassemble them somewhere in the internet
where we have higher bandwidth, and bond them back together into one connection. Linux does provide such a bonding or aggregating
solution. In the enterprise environment this is frequently
used to bond ethernet connections together for example to provide higher speed for very
busy servers. Unfortunately we can’t run ethernet cables
through the internet but rather need to rely on the infrastructure the providers give us. However, with linux you can also bond other
interface types. For example, let’s have a look at openvpn
(which is a free vpn solution that by the way many vpn providers use internally even
if their product has a different name). Openvpn can provide us with two adapter types
for a connection. One is called tun ( like for “tunnel”
), and the other one is called “tap” like formerly used for terminal access points,
mainly with dialup modems. The tun devices operate on OSI level 3, that
means they provide an end-to-end network device over IP while the tap devices are quite similar
to ethernet devices. In other words, we can use linux bonding mechanisms
on openvpn tap devices and achieve our goal to bundle multiple connections into one to
a given VPN server in the internet. Like always you can download the scripts to
implement this solution from my github repository. The link is – like always – in the description
of this video. So what do we need to build this ? We need
a Linux machine at home, that can be a Raspberry Pi or a virtual machine running in VMware,
VirtualBox, Fusion or Hyper-V or it can be a router with an open firmware such as OpenWrt
or DD-WRT or Tomato. Second, we need a server in a datacenter with
a high speed internet connection, for example a vserver or VPS that you can rent from 1$
per month up – like I did in my last video. On the software side we need openvpn as a
vpn solution and a couple of tools that are mainly used to make installation easier. The scripts install these automatically for
you. Let’s start on the server. I am logging into the server using ssh. The first thing I do is install git because
I want to download the scripts from my repository. All I have to do is type apt install git and
then git clone and the URL of the repository which you can find on my github page. This downloads the scripts. Of course you could also just zip them together
or transfer them from your workstation to the server using WinSCP or FileZilla. Now let’s cd into the server subdirectory
and check the configuration parameters. By default, the scripts use two connections,
but you can use virtually as many as you want. Just change the parameter in the provided
config file. If you are happy with the values just launch
install.sh. This script does a couple of things. It installs the necessary software and provides
a start and stop script for the bonding tunnel. It sets up multiple openvpn instances, depending
on how many connections you want to use. The first tunnel will be available on UDP
port 1191, the second on 1192 and so on. It does not change your firewall settings,
so you might need to open these ports on the vps firewall. Furthermore, it generates a secret key that
can be used by a client to connect to the vpn. Please be aware that this is not a perfect
way of using openvpn, it is just the easiest. The goal of this video is not to lock down
openvpn but rather to explain channel bonding. Perfect, this is all we need to do on the
server. Let’s now move over to the client. Same procedure. Check the config file. You need of course to specify the same number
of tunnels here as on the server. Also, you need to tell the script which interfaces
you want to bond – in my case this is wlan0 and wlan1 but you may choose any interface,
be it ethernet or ppp or wireless or a 3G or 4G dongle. Last but not least the client needs to know
the name or address of the server. I have added this server into my hosts file
and called it myVPNServer but you could also specify the IP address directly. Great, once we are happy with all values then
we just launch the install script and again this does everything for us, such as install
the software, configure the vpn and copy the scripts for bonding. The interfaces that you are bonding together
do not necessarily need to be up at this point. One last thing that we need to do before we
can launch is that we need to copy the secret ta.key file from the server to the client
so that the client is authenticated to connect to the vpn server. The server installation script has printed
out that key at the end of the installation so you could easily copy paste it over to
the client. So far so good, we have a server with two
tap interfaces and we have a client with two tap interfaces. Now let’s start the machine. First thing we do is launch the startbond
script on the server. This actually launches the openvpn server
on two instances, bonds the tap interfaces and also adds a masquerading rule to iptables
so that we can for example surf the internet from the client. Next of course we need to start the bond on
the client machine. Note that at this point the interfaces that
you are aggregating need to be up. Running the startbond.sh script on the client
starts the openvpn clients on the given interfaces, binds the clients to the right interface,
changes the routing rules on the client so that it uses two or more distinct connections
to the same server and last but not least changes the default gateway of the system
to the remote vpn endpoint on the vps or vserver in the internet. Cool, now let’s test this. I have a bandwidth of roughly 20 Mbit per
wifi hotspot here. As I am bundling two connections together
that have roughly the same speed, I would expect getting approximately twice the speed
now. Also of course, the speed test should not
show my own IP but rather the IP of the data center where the VPS is located. When I ran this test for the first time I
was rather disappointed. I was expecting speed figures around 30 to
40 Mbits but what I got was this – barely 10 Mbits. I instantly thought – man it’s not working! The whole days that you have spent preparing
this video were a lost cause. Three week-ends for nothing. But then I started investigating. If we look at the diagram here we can see
that there are a couple of conditions that need to be fulfilled in order to give us a
real increase in bandwidth and speed. And guys, this is not specific to the solution
that I describe here, but it’s exactly the same if you buy a service. I’ll show proof in a second. The first chunk of this diagram is the local
connection speed. I’ve checked these without VPN by just enabling
one interface after the other and running a speedtest. Keep in mind that a speed test will always
select an optimal server close to your location. Those were fine and showed roughly 20 Mbits
per connection. The next bit I wanted to test is the speed
going out from the provider. Maybe their line is congested. So I launched a browser directly on the Virtual
Server in the remote data center, but that showed tremendous speeds up to 300 Mbits. Then there is the last remaining piece in
between which is my connection speed to the VPN Server. In order to test this I just established an
SFTP connection to the VPN server and downloaded a file directly from there. This is where the bottleneck was. I just did not have a high enough speed to
the VPN server in the first place. This clearly shows a limitation of this concept. And – as I said before – this also happens
with the paid services – this is just one example of many web sites outlining problems
like this – in this case it’s speedify, but any provider will have this problem. In essence it is pretty much like going for
a run as a group – the slowest runner needs to go first and determines the speed of the
whole group. So is it a good and viable concept at all
? I would say yes it is, but you need to remain realistic about your expectations. If you can just buy a faster connection then
go that way. It’s far more reliable and easy. But if you can’t and if you have really
slow uplinks like 512K or 1-2 Mbits then this solution does provide improvement. Alternatively, you might experiment with multiple
data centers – maybe you can find one that has much better bandwidth over the ISP you
are choosing. Most VPS vendors give you a 30 day trial so
there might be time to test this before you engage with any of these. Actually, when I did the first test I ran
it on a Sunday afternoon – that is probably the worst moment in time to do connection
performance testing. Running the same test on a normal day during
my lunch break yielded much better results: Here I got a speed of 16 Mbits down and a
not so bad 13 Mbits up over one single connection. Bundling the two connections gave me a fantastic
34 Mbits down and 23 Mbits up. So actually twice the speed as expected. It works. We have reached a Proof of concept state that
you can double your internet speed by bonding two connections over a VPN. So – at this point in time I need your help
– it is time for a call to action. In the next episode I will explain the technical
details of what the scripts do and how things work behind the scenes. So this is for you guys who are really interested
in looking under the hood. But where should we take it from here ? This
is where I need your feed-back. I could think of various follow ups here – either
you say “no thanks, that’s fine, I was just curious to see – I do not want a follow-up”
– that’s perfectly OK, but please leave a comment to tell me. Or – we could evaluate more options such
as trying the whole thing with Wireguard rather than openvpn. Alternatively, a third option would be to
install this on an openwrt router and hence have an automatic connection to the vpn bond
that would be transparent, that means not require any manual scripts to be run etc. Fourth option could be to launch a project
with custom hardware and software – I could think of a raspberry pi, maybe running on
a battery pack like I showed in my battery video with let’s say 2 or 3 3G dongles which
would give you a real mobile solution to set up high speed internet virtually anywhere
in the field. Fifth and sixth option could be to elaborate
on resiliency, that is – make the connection fault tolerant if one tunnel goes down and
last but not least maybe I could make a video on actually implementing this at my parents’
home, maybe with Yagi Uda antennas to get better reach. Please, let me know in the comment section
what you would want to see next. Also, I would like to kindly ask you to leave
a thumbs up on youtube if you liked the video and of course subscribe to my channel so that
you don’t miss out on further episodes. Dear friends, this concludes today’s episode
– I hope you liked it – if so, please share this video on Whatsapp, on Facebook,
on reddit, Linkedin and Twitter – leave me a like and subscribe – Thanks for watching,
stay safe, stay healthy, bye for now.
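
The client-side start sequence described in the video (pin each tunnel to one uplink, bond the tap devices, move the default gateway), as an added sketch that is not the startbond.sh script from the video's repository. The bond addresses, routing table numbers, config directory and sample uplink addresses are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration, not the script from the video's repository.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).
SERVER=myVPNServer      # server name used in the video
BASE_PORT=1190          # tunnel i uses UDP 1190+i: 1191, 1192, ...
BOND_IP=10.8.0.253/24   # assumed client address on the bond
BOND_GW=10.8.0.254      # assumed server address on the bond
CONF_DIR=/etc/openvpn/client   # assumed: bondN.conf holds key/cipher settings

run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# uplink_plan INDEX IFACE SRC_IP GATEWAY
uplink_plan() {
  idx=$1; table=$((100 + idx))
  # Source-based policy routing: packets sent from this uplink's address
  # leave through this uplink, even after the default route is moved.
  run ip route replace default via "$4" dev "$2" table "$table"
  run ip rule add from "$3" table "$table"
  # Persistent tap device (layer 2), enslaved to the bond before use.
  run ip tuntap add dev "tap$idx" mode tap
  run ip link set "tap$idx" master bond0
  # --local binds the tunnel socket to the uplink's address.
  run openvpn --daemon --config "$CONF_DIR/bond$idx.conf" --dev "tap$idx" \
    --local "$3" --remote "$SERVER" "$((BASE_PORT + idx))"
}

# client_plan IFACE SRC_IP GATEWAY [IFACE SRC_IP GATEWAY ...]
client_plan() {
  # balance-rr sends successive frames over successive slaves, so a single
  # TCP connection is spread across all tunnels.
  run ip link add bond0 type bond mode balance-rr
  n=1
  while [ $# -ge 3 ]; do
    uplink_plan "$n" "$1" "$2" "$3"
    shift 3; n=$((n + 1))
  done
  run ip link set bond0 up
  run ip addr add "$BOND_IP" dev bond0
  run ip route replace default via "$BOND_GW" dev bond0
}

# Constructed sample uplinks (documentation address ranges).
client_plan wlan0 192.0.2.10 192.0.2.1 wlan1 198.51.100.10 198.51.100.1
```

The policy rules are created before the default route moves to bond0; otherwise the tunnels' own packets would be routed into the bond they are supposed to carry.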