I made two servers on two different sites and put two remote lines in the
client .conf. On
each client I made two different connections, one for each server and the two
I separated the routes using ospf and put each server belonging to a different
area. So I
stopped having conflict between the tunnel routes. It has worked well so far.
have stopped dropping and when the connection falls between a client and a
server I still
have access to that site that is down.
It was the best way I found of solving the problem. Maybe there's another one I
know. If someone has a better way, I'll be happy to know.
Thanks again for your attention.
On domingo, 6 de agosto de 2017 14:32:53 -03 you wrote:
> On 25/07/17 19:24, Marcelo Moraes wrote:
> > Hi everybody.
> > First of all, I'm sorry. This may be a very simple matter, but I'm not
> > succeeding in solving it.
> > Ineed to make a high availability between two openvpn servers that are
> > in two different physical locations. I thought first of making a server
> > and a client for each connection and propagating the routes through
> > ospf. I also thought about creating two servers, and adding them to a
> > single multi-line client with the remote command.
> > What would be the best way to do this? Of these two forms mentioned
> > above I am having problems with the tunnel routes, because if a server
> > goes offline for some reason, when it returns, the openvpn service can
> > not go up that route because there is already a same route through
> > another path and then the server Error and stops.
> A transparent HA solution is not going to work so well. There exists no
> session transfer possibility on the server side, which is needed to
> avoid clients doing a re-connect.
> If you deploy any type of HA front-end, which passes the traffic to a
> backend server, the connection _must_ be kept to the same backend server
> for the life-time of the session. If that is not possible, the client
> will therefore restart the VPN connection.
> A more simpler approach, which will work is to have multiple --remote
> lines in your configuration. Deploy that with --remote-random and you
> can also get some kind of load distribution. And with proper
> --keepalive in configuration files, the client should automatically
> reconnect if the connection drops.
> See also the <connection> section in the man page for more details on this.
*AtenciosamenteMarcelo Moraes | Suporte TIFone. 17-3330-5000 (ramal 5006)Skype.
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list