On 25/07/17 19:24, Marcelo Moraes wrote: > Hi everybody. > > First of all, I'm sorry. This may be a very simple matter, but I'm not > succeeding in solving it. > > Ineed to make a high availability between two openvpn servers that are > in two different physical locations. I thought first of making a server > and a client for each connection and propagating the routes through > ospf. I also thought about creating two servers, and adding them to a > single multi-line client with the remote command. > > What would be the best way to do this? Of these two forms mentioned > above I am having problems with the tunnel routes, because if a server > goes offline for some reason, when it returns, the openvpn service can > not go up that route because there is already a same route through > another path and then the server Error and stops. A transparent HA solution is not going to work so well. There exists no session transfer possibility on the server side, which is needed to avoid clients doing a re-connect.
If you deploy any type of HA front-end, which passes the traffic to a backend server, the connection _must_ be kept to the same backend server for the life-time of the session. If that is not possible, the client will therefore restart the VPN connection. A more simpler approach, which will work is to have multiple --remote lines in your configuration. Deploy that with --remote-random and you can also get some kind of load distribution. And with proper --keepalive in configuration files, the client should automatically reconnect if the connection drops. See also the <connection> section in the man page for more details on this. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users