OSPF is a great way to distribute those routes between hosts; the problem is getting the routes from the iroute table into the OSPF routing table in the first place.

I have used quagga for an ospf daemon. My first whack at this was an ugly kluge where I directly called vtysh from my client-connect script, along the lines of:

    # parse ccd file for iroute and/or ifconfig-push
    if "connect"
        vtysh -c 'config t' -c "ip route {net} {mask} {gateway}"
    else
        vtysh -c 'config t' -c "no ip route {net} {mask} {gateway}"

(please excuse my pseudocode)

My second whack at it was a slightly more elegant kluge, where a process connected to the management interface and did... a lot of things, including keeping track of iroutes and advertising them via localhost RIPv2 announcements that could be listened to by quagga and redistributed into ospf. I tried it out some, and it did work, but I don't think anyone (including myself) has ever run it in production. If you're feeling adventurous, it's here:

https://github.com/j-m-patterson/ovpnherder

The basic idea behind it was to have multiple openvpn servers at multiple sites, and any client could connect to any server and have their iroute-ed subnets and static IP routed to them via ospf.

Let me know if you're interested in it.

-Joe

On Tue, Sep 21, 2021 at 5:02 PM Alex K <rightkickt...@gmail.com> wrote:
>
> Hi all,
>
> I have a set of 3 hosts/servers, in an active/passive setup using
> pacemaker/corosync where openvpn runs only at one of the hosts.
>
> I have also some up/down scripts to add or remove some routes (defined from
> iroute entries at ccd files per client at server) whenever a vpn client
> connects or disconnects. For example when a client connects, a route is added
> announcing to the active host that a specific client network is reachable
> through the vpn tunnel of the client.
>
> Since this script is triggered only at the active host I wanted to find a way
> to announce these routes to the other passive hosts also so as to be able to
> reach these networks from the passive hosts.
>
> I was thinking to look into ospf or similar. Any ideas on how to tackle this?
>
> Thanks,
> Alex
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
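
Added example, not part of the original thread and not code from ovpnherder: a runnable form of the client-connect/client-disconnect approach sketched in the reply above, which validates every iroute value and the certificate common name before anything is handed to vtysh. The ccd directory path, the use of `ifconfig_pool_remote_ip` as the route gateway, and the sample ccd contents are assumptions made for illustration.

```python
import ipaddress
import os
import re
import subprocess
import sys

CCD_DIR = "/etc/openvpn/ccd"  # assumption: the server's client-config-dir
# Constructed sample ccd file, for illustration only.
SAMPLE_CCD = """\
ifconfig-push 10.8.0.6 10.8.0.5
iroute 192.168.50.0 255.255.255.0
iroute 10.99.0.7   # netmask omitted: OpenVPN treats it as a host route
"""

def parse_iroutes(ccd_text):
    """Return (network, netmask) for each iroute line; ValueError if malformed."""
    routes = []
    for line in ccd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "iroute":
            continue
        mask = fields[2] if len(fields) > 2 else "255.255.255.255"
        # IPv4Network rejects bad addresses, bad masks and stray host bits.
        net = ipaddress.IPv4Network(f"{fields[1]}/{mask}")
        routes.append((str(net.network_address), str(net.netmask)))
    return routes

def vtysh_commands(ccd_text, script_type, gateway):
    """Build one vtysh argv per iroute; no string ever reaches a shell."""
    gw = str(ipaddress.IPv4Address(gateway))
    prefix = {"client-connect": "", "client-disconnect": "no "}[script_type]
    return [["vtysh", "-c", "configure terminal",
             "-c", f"{prefix}ip route {net} {mask} {gw}"]
            for net, mask in parse_iroutes(ccd_text)]

def main():
    cn = os.environ["common_name"]
    # The name comes from the client certificate; only use it as a bare file name.
    if not re.fullmatch(r"[A-Za-z0-9_-][A-Za-z0-9_.-]*", cn):
        sys.exit(f"refusing common_name {cn!r}")
    try:
        with open(os.path.join(CCD_DIR, cn)) as fh:
            text = fh.read()
    except FileNotFoundError:
        return  # no ccd file, so no iroutes to announce
    gateway = os.environ["ifconfig_pool_remote_ip"]  # assumption: client's VPN IP
    for argv in vtysh_commands(text, os.environ["script_type"], gateway):
        subprocess.run(argv, check=True)

if __name__ == "__main__":
    main()
```

For these static routes to reach the other hosts, quagga's `router ospf` section also needs `redistribute static`.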