VPN
Alexander, 2020-05-15 09:18:50

FailOver VPN organization?

There is a VPN server, several providers and VPN clients. (L2TP/IPsec)
What is required: if the first provider is disabled, the VPN server automatically turns on the second channel. But users have an IP address specified as the VPN server. There is a domain (*.com); we tried to do it based on the DNS name, but the hosting provider's DNS server does not support round-robin. How can FailOver VPN be secured?


1 answer(s)
Andrey Barbolin, 2020-05-15
@max0919

Three solutions.
1) Use your own DNS (you can buy a separate domain for this). Add a short-lived CNAME record and rewrite it when the VPN is down. PowerDNS is able to check the availability of a resource before giving a record.
https://doc.powerdns.com/authoritative/lua-records...
This is a complex scheme. You need to understand how to set up your DNS, you need to reserve it.
2) Rent a VPS + HAProxy. We point all clients at the VPS and configure HAProxy, which will check the availability of the providers and switch between them. Accordingly, all VPN traffic will go through the VPS.
The scheme is working, tested in battle.
3) Buy your own AS (BGP).
The most stable and correct option for a large company. We use it ourselves.
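
An added sketch of the record-rewriting logic from option 1 (not part of the answer above, and not PowerDNS code): it goes beyond the answer by requiring several consecutive probe results before switching, so a single lost probe does not make every client renegotiate its tunnel. The names `vpn.example.com`, `isp1`/`isp2`, the TTL and the thresholds are assumptions, and probe results are passed in rather than measured.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed names: vpn.example.com is what clients dial; isp1/isp2 are A records
# for the VPN server's address on each provider. All values are constructed.
RECORD, TTL = "vpn.example.com.", 60
TARGETS = ["isp1.example.com.", "isp2.example.com."]  # in order of preference
FAIL_AFTER, RECOVER_AFTER = 3, 5  # consecutive probes needed to change state


@dataclass
class Link:
    up: bool = True
    streak: int = 0  # consecutive probes that contradict the current state

    def observe(self, probe_ok: bool) -> None:
        if probe_ok == self.up:
            self.streak = 0  # result agrees with current state, so reset
            return
        self.streak += 1
        if self.streak >= (RECOVER_AFTER if probe_ok else FAIL_AFTER):
            self.up, self.streak = probe_ok, 0


class Failover:
    def __init__(self) -> None:
        self.links = {t: Link() for t in TARGETS}
        self.active = TARGETS[0]

    def step(self, probes: Dict[str, bool]) -> Optional[str]:
        """Feed one probe round; return nsupdate input if the CNAME must change."""
        for target, ok in probes.items():
            self.links[target].observe(ok)
        # Most preferred target that is up; keep the current one if none is.
        wanted = next((t for t in TARGETS if self.links[t].up), self.active)
        if wanted == self.active:
            return None
        self.active = wanted
        return (f"update delete {RECORD} CNAME\n"
                f"update add {RECORD} {TTL} CNAME {wanted}\n"
                "send\n")
```

The returned text is meant to be fed to `nsupdate` with a TSIG key (`nsupdate -k <keyfile>`), so that only the monitoring host can rewrite the record.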
