I need to set up a "point to point" VPN between two sites. I use the term "point to point" loosely, since the endpoint systems on each end aren't really a system but a fail over pair of systems.

We had a true point-to-point connection but then set up a fail over pair of servers at "Site 1". When we failed over, we couldn't get "Site 2" to reconnect. Our first obvious mistake was that we didn't have an additional 'remote...' statement in the Site 2 configuration. We added that (one "remote..." for each Site 1 Internet address) and restarted openvpn. It reconnected. However, we then "failed back" at Site 1 and Site 2 did not reconnect; our experience is that Site 2 only reconnected if we restarted the Site 2 openvpn. It occurred to me later that possibly point-to-point configurations couldn't have more than one "remote..." statement, but I don't know if that is true.

The next phase of this project is to set up fail over systems at Site 1, so things are only going to get more complicated. I've listed the "sanitized" (changed IP addresses) configurations for Site 1 and Site 2 below for reference. I'm open to almost any suggestion. Thanks for the help.

Site 1 (172.16.1.0/24, 172.16.2.0/24 and 172.16.3.0/24 are reachable through this site; 10.12.40.0/24, 10.12.41.0/24 and 10.12.70.0/24 are local to this site - I should mention that all these "far end" subnet specifications work with the true point-to-point configuration, so they shouldn't be the focus of this issue)

local 1.2.3.4
(the fail over system has "local 9.8.7.6"; both are Internet-facing interface IP addresses on their respective systems)
port 1197
proto udp
dev tun
keepalive 10 120
comp-lzo
max-clients 2
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
secret shared.key
ifconfig 192.168.100.1 192.168.100.2
route 10.12.14.0 255.255.255.0
route 10.12.16.0 255.255.255.0
route 10.12.18.0 255.255.255.0
route 10.12.20.0 255.255.255.0
route 192.168.2.0 255.255.255.0
--management 127.0.0.1 9511

Site 2 (10.12.14.0/24, 10.12.16.0/24, 10.12.18.0/24, 10.12.20.0/24 and 192.168.2.0/24 are at this site)

port 1197
proto udp
dev tun0
remote 1.2.3.4 1197
remote 9.8.7.6 1197
float
persist-key
persist-tun
status /var/log/openvpn-status.log
comp-lzo
log-append /var/log/openvpn.log
verb 3
secret shared.key
ifconfig 192.168.100.2 192.168.100.1
route 172.16.1.0 255.255.0.0
route 172.16.2.0 255.255.0.0
route 172.16.3.0 255.255.0.0
route 10.12.40.0 255.255.255.0
route 10.12.41.0 255.255.255.0
route 10.12.70.0 255.255.255.0
--management 127.0.0.1 9511
