openvpn
scarab, 2017-02-08 00:11:51

How to build a failover cluster of OpenVPN servers?

Greetings, dear All.
Tell me how to build a fault-tolerant complex with OpenVPN?
There is a central office of a certain company.
There are two OpenVPN servers in different data centers: vpnA and vpnB. Both are connected by tunnels to the central office.
Many remote points cling to these OpenVPN servers. Each point knows about both servers, so it can connect to either one equally. For a number of reasons, the OpenVPN L2 mode is used.
Question: how (probably using dynamic routing?) to ensure connectivity from the central office to each remote point, regardless of which server it is connected to at the moment?
If you register different pools for clients on vpnA and vpnB, then remote points will receive either one or another address, and they must be accessible from the CO at a fixed address, regardless of which gateway they are hooked on at the moment.
If you register the same pool, then each VPN server will have the same directly-connected subnet (192.168.0.0/24). Then the remote point remoteA will come to vpnA and get the address 192.168.0.10, and the point remoteB will come to vpnB and get the address 192.168.0.15.
Raise a /32-route to each connected point and redistribute it to the CO? Is this possible at all? And is it possible not to redistribute the route to the 192.168.0.0/24 network itself (otherwise two such announcements will come from vpnA and vpnB).

1 answer(s)
mikes, 2017-02-08

You can change OpenVPN to tinc or any other mesh VPN.
