Need some VPN advice

I currently have a pfSense router and 150/150 fiber. What I would like to have is a way to combine 2 WAN connections (adding cable)and have a single public IP which allows me to host multiplayer sessions with port forwarding. What provider would allow this, and what are the downsides? Thank you in advance

Not possible to have 2 WAN connections and have only a single WAN IP.

Farva said:

Not possible to have 2 WAN connections and have only a single WAN IP.

Click to expand...

Weeeelllll....it's certainly possible. It just requires BGP peering and OP paying for his own /24 as they are no longer available from ARIN and injecting it into the global internet routing table. The limiting factor here are your ISPs which certainly wouldn't do this for a residential customer.

Another option would be some sort of tunneling service. You'd have to tunnel all of your traffic to a 3rd party who could then hide the dynamic routing in the tunnel. But if you're going to those lengths, might as well just put a server in a DC or rent one and be done with it.

Are you hosting a game server for a lot of people to join or is this just for you and some friends to join casually? Online gaming doesn't require a lot of bandwidth and a symmetric 150Mb connection is more than sufficient. Unless you're looking for resiliency, specifically.... then an alternative to BGP would be to use DNS for failover and is offered as a third party service.

This is just for casual gaming, would just rent a server for anything serious. My fiber connection is plenty of bandwidth, yes, but its Frontier, and has some small service interruptions. My main goal is to have a more anonymous public IP with connection redundancy, with the server hosting being secondary. I already have all the hardware for dual WAN, including the cable modem, so it is just a matter of setting up the appropriate service in pfSense. I thought this dual WAN with single Ip was a more common setup? I know I have heard of such a service before, but cannot remember the name.

Are you thinking of link aggregation or failover? Neither are exactly what you describe though.

Brian_B said:

Are you thinking of link aggregation or failover? Neither are exactly what you describe though.

Click to expand...

Probably 'load balancing', but again, not the right tool.

Thevoid230 said:

I thought this dual WAN with single Ip was a more common setup?

Click to expand...

If it is routable, which interfaces are, then it has a routable address. Meaning that you absolutely can hook both WAN connections up but each will have its own public IP assigned by the respective ISP.

Everything you do will be done in pfSense, and it will be some form of routing- and this is where I get off .

Assuming you are in the US you need the following:

1.) AS # from ARIN
2.) CIDR block owned by you from ARIN. This most certainly does not have to be a /24 as previosuly stated. Could be IPv4 or IPv6. IPv6 will be cheaper.
3.) Providers willing to BGP peer with you. Please note these do not have be your ISP as you can use tunnels to accomplish this.
4.) BGP configured router


Going the the IPv6 route will run you about 1K or so initial cost plus some recurring annual fees to ARIN in addition to what your peering partners will charge. IPv4 will be substantially higher.

Noone seems to understand my question.

Base assumption: a VPN service (such as NordVPN or Private Internet access) is tunneled to by your computer. This effectively gives your computer the public IP of the VPN exit server to which it is connected. Therefore, if an external computer was trying to communicate with yours, it would connect to the VPN IP, not to your ISP IP.

The question restated: Since the VPN is acting as your public IP, is it possible for it to aggregate 2 connections (such as cable and fiber) such that, if one goes down, the other one still works as normal? And secondly, the same service could support port forwarding?

Sorry for the confusion, I hope this is clearer

LOL ....NO, we understood just fine. You did not. The VPN exit point is just that. It is also not dedicated to you. To use it as an entry point would require the VPN provider to configure NAT rules to port forward back through the tunnel to you.