On 25/07/17 19:24, Marcelo Moraes wrote:
> Hi everybody.
> First of all, I'm sorry. This may be a very simple matter, but I'm not
> succeeding in solving it.
> I need to make a high availability between two openvpn servers that are
> in two different physical locations. I thought first of making a server
> and a client for each connection and propagating the routes through
> ospf. I also thought about creating two servers, and adding them to a
> single multi-line client with the remote command.
> What would be the best way to do this? Of these two forms mentioned
> above I am having problems with the tunnel routes, because if a server
> goes offline for some reason, when it returns, the openvpn service can
> not go up that route because there is already a same route through
> another path and then the server errors and stops.

A transparent HA solution is not going to work so well.  There exists no
session transfer possibility on the server side, which is needed to
avoid clients doing a re-connect.

If you deploy any type of HA front-end, which passes the traffic to a
backend server, the connection _must_ be kept to the same backend server
for the life-time of the session.  If that is not possible, the client
will therefore restart the VPN connection.

A simpler approach, which will work, is to have multiple --remote
lines in your configuration.  Deploy that with --remote-random and you
can also get some kind of load distribution.  And with proper
--keepalive in configuration files, the client should automatically
reconnect if the connection drops.

See also the <connection> section in the man page for more details on this.

kind regards,

David Sommerseth
OpenVPN Technologies, Inc
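
The multi-remote approach described in the reply above, written out as an added example client profile (not part of the original message and not taken from the OpenVPN project). The hostnames, port, timer values and certificate file names are assumptions.

```conf
# Added example client profile. Hostnames, port, timers and file names
# are assumptions; adjust them to your deployment.
client
dev tun
nobind

# One <connection> block per server site. The client tries the blocks
# in turn until one of them answers.
<connection>
remote vpn-site-a.example.com 1194 udp
</connection>
<connection>
remote vpn-site-b.example.com 1194 udp
</connection>

# Shuffle the connection list at startup so clients spread over both sites.
remote-random

# Keep retrying DNS resolution instead of exiting when a name fails to resolve.
resolv-retry infinite

# Wait 5 seconds between connection attempts, and give an unresponsive
# server 10 seconds before moving on to the next entry.
connect-retry 5
server-poll-timeout 10

# Send a ping every 10 seconds; if nothing is received for 60 seconds,
# restart and walk the connection list again.
keepalive 10 60

# Keep the key material loaded across restarts.
persist-key

# Both servers must present certificates issued by this CA with the
# server key usage set, otherwise the client rejects the failover target.
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
```

As the reply notes, failover here is a fresh connection to the other server, not a transferred session, so traffic pauses until the keepalive timeout expires and the new handshake completes.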

Openvpn-users mailing list