Old 05-13-2012, 11:14 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
How to transfer data through several VPN tunnels simultaneously


Several VPN tunnels are available for anonymity. But they are all bandwidth-limited, and some are unreliable. Let's say they are accessible through interfaces eth0, eth1, eth2, ...

1. How can a linux box be set up to use all these VPN tunnels simultaneously in order to increase bandwidth for browsing?

2. How can redundancy be added so data is transferred in duplicates through interfaces eth0 and eth1?

3. Is it possible that an rsh session goes through all VPN tunnels, as in 1 and 2 above?

Last edited by Ulysses_; 05-13-2012 at 12:47 PM.
 
Old 05-14-2012, 12:25 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,980

Rep: Reputation: 3624
By design a VPN is supposed to not be able to share data. One can break that.

For the most part, you can't speed up by using more than one. An old modem used two phone lines but it had to have the similar box at the other end.

No, you can't split up a tcp/ip transaction connection.
 
Old 05-14-2012, 02:38 PM   #3
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Been recommended to use ifenslave for this, not sure what it does. Is it breaking some unwritten rules?
 
Old 05-14-2012, 06:56 PM   #4
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
You could theoretically turn the machine into a router and essentially look at each connection as a WAN connection then via load balancing you could take advantage of more than one tunnel at a time, however, it won't do things like speed a download up, because the download will only happen over one pipe. But multiple browser requests or multiple downloads could be conducted in parallel faster.
 
Old 05-14-2012, 07:41 PM   #5
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
The man pages of ifenslave say:

"ifenslave is a tool to attach and detach slave network devices to a bonding device. A bonding device will act like a normal Ethernet network device to the kernel, but will send out the packets via the slave devices using a simple round-robin scheduler. This allows for simple load-balancing, identical to "channel bonding" or "trunking" techniques used in switches. The following example shows how to setup a bonding device and enslave two real Ethernet devices to it:

# modprobe bonding
# ifconfig bond0 192.168.0.1 netmask 255.255.0.0
# ifenslave bond0 eth0 eth1

What does the bold mean, if not sending the packets of a single connection through several devices eth0, eth1, etc?
 
Old 05-14-2012, 07:59 PM   #6
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Even if a connection can only go through one of the slave devices, how can a remote server help so a connection is artificially split at my end, and rejoined at the remote server end? So the site visited thinks everything is coming from the remote server.

What about TCP over UDP? TCP making the connection, UDP individual packets getting shared by ifenslave between the slave devices, and the remote server putting them back together? Something like TCP over UDP seems to exist already:

"iproxy comprises of a client-side proxy and a server-side proxy that
allows arbitrary TCP/IP services to run over Broadcast, Multicast or
Unicast UDP."

http://horms.net/projects/iproxy/ipr...roxy_paper.pdf

Last edited by Ulysses_; 05-14-2012 at 08:16 PM.
 
Old 05-14-2012, 11:55 PM   #7
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
TCP and UDP are two protocols in the TCP/IP networking suite. You shouldn't really do TCP over UDP unless you are running something like a VPN tunnel. The reason for this is TCP is for reliable communication where all the packets need to be received, whereas UDP is used in cases where some loss is acceptable, like video streaming. The only issue I see with TCP over UDP is that if the UDP stream is very lossy it will significantly slow down the TCP traffic because the TCP packet will have to be transmitted again, more frequently by additional UDP packets.

What the bold in your earlier post means is that it will round robin connections through the interfaces that are slaved, that does not mean for instance you start streaming a video and each packet comes in from a different interface. But it does mean you start streaming a video and it uses one of the connections then you start a download it uses another and then you browse the web and it uses yet another.

That project "iproxy" sounds interesting, but it still doesn't sound quite like what you are looking for. Yes it does allow TCP traffic over UDP packets, but the software implements the error checking that would normally be done by the TCP protocol natively. It still doesn't really do what you want it to do, and I can think of very few situations where this would be something you want to do. As a matter of fact early on in the PDF you link to the stated purpose for implementing this initially was to configure servers that didn't already have IP addresses via web browser, a very special case.
 
Old 05-15-2012, 03:06 AM   #8
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
If you can configure two servers at both ends of the links to be aggregated, then theoretically you can run a protocol similar to Cisco's etherchannel to bundle up multiple interfaces and increase bandwidth. A requirement for etherchannels however is that the interfaces are of the same type and speed. In our theoretical setup, you will need to have similar delays over all the links, or put up with large buffers and increasing the total delay to that of the worst link which I suspect will defeat the purpose of the whole exercise.

Even if you have 2-3 poor quality links of very similar average delay, the actual delay is going to vary hugely and you will need to always go as fast as your slowest link. So the overall result could easily be negative...

These are just my thoughts, I am tempted to experiment with this in a lab
 
Old 05-15-2012, 04:39 AM   #9
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Having difficulty locating a protocol similar to etherchannel in the debian repos. Any suggestions what should be looked for?
 
Old 05-15-2012, 05:02 AM   #10
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
Looking at http://www.kernel.org/doc/Documentat...ng/bonding.txt I think you are already onto the right tool.
 
Old 05-15-2012, 02:45 PM   #11
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
That one will round-robin connections, not individual packets, according to scheidel21 above.
 
Old 05-15-2012, 06:17 PM   #12
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
No, bonding is a little different than round robin, ifenslave that you were looking at does a basic round robin. Bonding uses a bit of a more complex algorithm. There are actually many ways to load balance. ifenslave is a simple way to do so.
 
Old 05-16-2012, 02:53 AM   #13
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
Section 12.1.1 in the link above outlines the different modes of operation. First paragraph:
Quote:
balance-rr: This mode is the only mode that will permit a single
TCP/IP connection to stripe traffic across multiple
interfaces. It is therefore the only mode that will allow a
single TCP/IP stream to utilize more than one interface's
worth of throughput.
I am not saying it is the best mode, this will depend on your topology and usage patterns.
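
An added illustration, not part of any post in this thread: a small Python model of the two behaviours discussed in posts #8 and #13, per-packet striping as in balance-rr versus pinning a connection to one link, showing how unequal link delays produce out-of-order arrivals and receiver-side buffering. The link delays, send interval and function names are constructed assumptions, and no real TCP stack or bonding driver is simulated.

```python
# Added example: toy model, not code from the thread or the bonding driver.
# Link delays and the 1 ms send interval are constructed values.

def send_stream(n_packets, link_delays_ms, per_packet, flow_index=0, interval_ms=1.0):
    """Return [(seq, arrival_ms, link)] for one stream, in arrival order.

    per_packet=True  -> packet i leaves on link i % N (balance-rr style striping)
    per_packet=False -> whole stream pinned to link flow_index % N
    """
    n_links = len(link_delays_ms)
    arrivals = []
    for seq in range(n_packets):
        link = seq % n_links if per_packet else flow_index % n_links
        arrivals.append((seq * interval_ms + link_delays_ms[link], seq, link))
    arrivals.sort()  # order in which the receiver sees the packets
    return [(seq, t, link) for t, seq, link in arrivals]


def reorder_stats(arrivals):
    """Summarise reordering and the buffering needed for in-order delivery."""
    late, highest = 0, -1
    for seq, _, _ in arrivals:
        if seq < highest:
            late += 1          # arrived after a later-sent packet
        else:
            highest = seq
    arrival_at = {seq: t for seq, t, _ in arrivals}
    release, max_hold = 0.0, 0.0
    for seq in sorted(arrival_at):
        # a packet can only be delivered once every earlier one has arrived
        release = max(release, arrival_at[seq])
        max_hold = max(max_hold, release - arrival_at[seq])
    return {
        "links_used": len({link for _, _, link in arrivals}),
        "out_of_order": late,
        "max_hold_ms": max_hold,
    }


if __name__ == "__main__":
    cases = {
        "striped, equal links (20/20 ms)": send_stream(10, [20, 20], True),
        "striped, unequal links (20/80 ms)": send_stream(10, [20, 80], True),
        "pinned to one link (20/80 ms)": send_stream(10, [20, 80], False),
    }
    for name, arrivals in cases.items():
        print(name, reorder_stats(arrivals))
```
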
 
Old 05-16-2012, 04:31 AM   #14
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by scheidel21
No, bonding is a little different than round robin, ifenslave that you were looking at does a basic round robin. Bonding uses a bit of a more complex algorithm. There are actually many ways to load balance. ifenslave is a simple way to do so.
Round-robin or not, no load balancing with the bonding driver has been described in full yet that will put a connection through all network interfaces simultaneously. If this is supported by the bonding driver, how do we set it up?

Last edited by Ulysses_; 05-16-2012 at 04:34 AM.
 
Old 05-16-2012, 08:23 PM   #15
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
True, but nikmit points out that balance-rr basically does what you want. Now how to implement it, I unfortunately can't say. I'm not even sure if it will work with different IPs on each interface. Usually it's multiple interfaces bonded together into one large interface basically.
 
All times are GMT -5.