Terminal Services Via Multi-WAN ADSL Router


TopDogger


Hi,

I am to set up a terminal server on a multi-WAN ADSL router.

Each WAN ADSL link will be with a different ISP and obviously have a different dynamic IP address.

My question is: normally, in a single-IP situation, you set up port forwarding and you're done.

With 2 WAN IPs, how do I go about configuring the connection IP in the RDP client if there are 2?

What if 1 IP is down?

How well would round-robin DNS records solve this issue? Is there a better option?

Thanks



Can you assign a hostname to your router with a DDNS service like DynDNS? It will handle all the IP tracking for you and you can just use the hostname to connect rather than the IP.

Both routers can do this, yes, that isn't really the issue though. What I'm looking for is some sort of connectivity-based DNS routing, as round robin, from what I can gather, will still return the A record of a router even if it's down. Do any of these multi-WAN manufacturers offer such a service?

I want to be able to add a single hostname in the RDP clients and have it routed to the primary WAN connection but fall back to the secondary if this is unavailable.


Does your config for your RDP client allow 2 remote IPs?

The OpenVPN config has 2 and falls back to the second - maybe your RDP client allows this.

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote my-server-1 1194

;remote my-server-2 1194


The RDP client doesn't allow that. I was wanting to keep things simple so was going to use the native RDP.

I suppose OpenVPN could be used to solve this though.

OpenVPN server on the terminal server, clients connect to that and then RDP through the tunnel to the server's local IP. I was wanting to keep client connections down to a single click though.

Do you know of any RDP clients that allow multiple domains / fallback domains etc.? Any thoughts on the round-robin DynDNS-type setup or who offers such a service?

Thanks


FreeDNS claims to offer what you need: http://freedns.afraid.org/

From the feature list:

Here's a few other DNS providers: http://www.thefreecountry.com/webmaster/freedns.shtml

Cheers, I will check it out! :)


Does your config for your RDP client allow 2 remote IPs?

The OpenVPN config has 2 and falls back to the second - maybe your RDP client allows this.

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote my-server-1 1194

;remote my-server-2 1194

You'll need to add 'remote-random' or it tries to connect in the order listed, not really balanced. It's a good idea though; I have no idea if RDP supports this. As you said in another post though, RDP is best done through VPN, so your solution would fix it if he's using OpenVPN.


The name of the game is DNS auto-failover by the look of it... Found these 2 sites:

http://support.easydns.com/Failoverfaq.php#2

http://dynect.com/

Not sure if they're going to work with CNAME lookups though, DynDNS definitely doesn't.

Failover is generally used when there is separate mirrored backup server available. For failover to occur, the primary server has to be unavailable before DNS will transfer to the alternate IP. In your case, aren't you trying to get the most of your bandwidth and balance the RDP load across both connections? If that's the case, you don't want failover.

As you said though, DynDNS can't help with this.

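The connectivity-based failover discussed in the posts above, as an added example that is not part of any poster's message or of any DNS provider's service: a monitor run from outside the site probes each WAN side and decides which address the single client-facing hostname should point at. The hostnames, port 3389, the threshold of 5 and the names `Link` and `FailoverSelector` are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

FAIL_THRESHOLD = 5  # assumed: consecutive failed probes before a link counts as down


def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes (run this from off-site)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class Link:
    name: str          # label only, e.g. "primary"
    host: str          # DDNS hostname or IP of that WAN side (placeholders below)
    port: int          # forwarded TCP port to test
    failures: int = 0  # consecutive failed probes


class FailoverSelector:
    """Chooses which WAN address the single client-facing hostname should point at."""

    def __init__(self, links, probe=tcp_probe):
        self.links = list(links)   # order = preference, primary first
        self.probe = probe
        self.active = self.links[0]

    def tick(self):
        """Probe each link once; return (active link name, whether it changed)."""
        for link in self.links:
            link.failures = 0 if self.probe(link.host, link.port) else link.failures + 1
        healthy = [l for l in self.links if l.failures < FAIL_THRESHOLD]
        previous = self.active
        if healthy:                # if every link is down, keep the last choice
            self.active = healthy[0]
        return self.active.name, self.active is not previous


if __name__ == "__main__":
    # Constructed demo: the primary link never answers, the secondary always does.
    demo = FailoverSelector(
        [Link("primary", "wan1.example.net", 3389), Link("secondary", "wan2.example.net", 3389)],
        probe=lambda host, port: host.startswith("wan2"),
    )
    for _ in range(FAIL_THRESHOLD):
        print(demo.tick())
```

When `tick()` reports a change, the hostname's record still has to be updated through whatever interface the DNS provider offers, which is not shown here; clients only follow the switch once the old record's TTL has expired, so the record needs a short TTL.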

No, load balancing isn't what I'm looking for but QoS. I just want to be as sure as possible that should either ADSL connection to the server fail, the other would be switched to automatically so clients can still connect/reconnect. And that a client can use a single domain to connect, but if one server ADSL connection is down, the other would be used.

I'm thinking I should forget all about the multi-WAN and just put another Ethernet card in the server connected to a 2nd ADSL router and then use some sort of DynDNS service with DNS failover?

Thanks


No, load balancing isn't what I'm looking for but QoS. I just want to be as sure as possible that should either ADSL connection to the server fail, the other would be switched to automatically so clients can still connect/reconnect. And that a client can use a single domain to connect, but if one server ADSL connection is down, the other would be used.

I'm thinking I should forget all about the multi-WAN and just put another Ethernet card in the server connected to a 2nd ADSL router and then use some sort of DynDNS service with DNS failover?

Thanks

I would be more tempted to use the idea Stumonster started, if you're willing to use VPN. You'll have better security than the standard RDP security, easier name resolution because your clients will be handed the WINS server by DHCP, no ridiculous port forwarding tables (if using many hosts, I mean). It would be fully redundant because it will try both DNS records, and it will balance the load a bit because the route is chosen randomly by the client. I understand you're not seeking load balancing, but if you're seeking reliability and you get balancing as a side benefit... why not?

You could do the same with your last idea, but you'd need matching certs in both routers.


Does your config for your RDP client allow 2 remote IPs?

The OpenVPN config has 2 and falls back to the second - maybe your RDP client allows this.

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote my-server-1 1194

;remote my-server-2 1194

Cheers Stumonster!


You can set OpenWRT up on 54GLs (plus various other hardware) with multiple WAN ports and running an OpenVPN server - it just might be tricky getting the DynDNS updating each WAN address.

But 2 54GLs each controlling an ADSL modem, Tomato+VPN firmware and their LAN side both on the same subnet would be the simplest. You can set the VPN server to use a local DHCP server to hand out addresses to the VPN clients, but after trying both in various places I just give the VPN server a small pool of LAN addresses to hand to clients.

It is a nice, easy and secure way to establish tunnels across the net - real bandwidth will make them even more useful.


The OpenVPN client continues to attempt to reconnect when the server goes down and will reconnect when it comes back up again.

I have a remote machine (it also sits behind an OpenVPN server) and it has 5 tap interfaces installed, and each of those connects to a remote VPN server which has a network behind it - another network connects to one of the servers via a 54GL running as client and there is a client-to-client connection between them - I have done it that way there because of the way the internet access is managed on that site. The main machine runs TheDude and monitors IP cams and wifi routers at all the remote sites and probes various configured services each minute, and after 5 negatives it will email an email address with the device name and service failure - a subject filter converts some to SMS.

With some of the older versions of Tomato+OpenVPN firmware I was having some problems with the VPN server locking up over time, but I scheduled them to restart each day at 12 to 1 am, but it does not seem to be necessary with the latest firmwares.

When a new IP is assigned by the ISP to the sites, the connection is re-established within the 5 min timeframe.

The only problem I could see with your SSH tunnels is when it swaps to the next VPN server the tap interface will be assigned a different IP, though if you are using a DHCP server to assign addresses it should receive the same one each time.

:) , dunno if I have answered your question with my ramble though.
