MultiWAN Failover VPN Access

cleric_warlock · June 20

I’m planning to use a tplink er605 router to create a dualwan failover setup with a mobile router that itself has sims from atnt and verizon that are failovers to eachother which will feed into one wan port on the er605 while the other wan port will be fed by my comcast landline so that my server and its ipmi interface have functioning internet at as close to 100% uptime as possible. Since 3 isps are in the mix, is there a way i can set up my vpn router so i can securely access my full local network from anywhere through the web without having to get dynamic ips for my router from 3 isps and feeding them all into some potentially complicated DDNS setup for the access? What is recommended for a setup like this?

brwainer · June 20

Something like Zerotier or Tailscale is probably your best bet for this - they work differently from normal VPN, they use a server in the cloud whose purpose is to help your devices connect dynamically, but normally doesn’t carry any of your traffic. If your router doesn’t support either of those, you can instead run it on something inside your network to use as a jumping point.

cleric_warlock · June 20

1 hour ago, brwainer said:

Something like Zerotier or Tailscale is probably your best bet for this - they work differently from normal VPN, they use a server in the cloud whose purpose is to help your devices connect dynamically, but normally doesn’t carry any of your traffic. If your router doesn’t support either of those, you can instead run it on something inside your network to use as a jumping point.

After doing some more research it seems like what i need is a raspberry pi to run tailscale and maintain my er605 as a subnet router. Does that seem right?

brwainer · June 20

1 hour ago, cleric_warlock said:

After doing some more research it seems like what i need is a raspberry pi to run tailscale and maintain my er605 as a subnet router. Does that seem right?

Running it on a raspberry pi is definitely an option, and there’s going to be a lot of documentation and examples about that path. You could also do it on your server, but that means if you have server issues you’d potentially not be able to connect into the network to troubleshoot.

cleric_warlock · June 20

9 hours ago, brwainer said:

Running it on a raspberry pi is definitely an option, and there’s going to be a lot of documentation and examples about that path. You could also do it on your server, but that means if you have server issues you’d potentially not be able to connect into the network to troubleshoot.

I’m using the server for AI compute hosting and per the hosting agreement it needs to be doing nothing other than hosting while on a job, so the raspberry pi seems like the safest route. Seems like I could simultaneously use it to do other useful things like network wide ad blocking.

brwainer · June 20

1 hour ago, cleric_warlock said:

I’m using the server for AI compute hosting and per the hosting agreement it needs to be doing nothing other than hosting while on a job, so the raspberry pi seems like the safest route. Seems like I could simultaneously use it to do other useful things like network wide ad blocking.

Yeah, you can run a few different things on the same device, just be aware to what extent you’re making the network reliant on it, how to get around it if there are issues, and monitor it for CPU or Memory exhaustion.