Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
shahneff2019-11-25 21:50:58
VPN
shahneff, 2019-11-25 21:50:58

How to provide failover web service and ipsec vpn?

For the first time, I faced the task of providing fault tolerance for a web service running inside ipsec vpn.
Specifics are not needed, you need a general understanding of the solution or technology for further setting the task for the performers.
Simplifying the scheme, there are 2 servers in different data centers, they are synchronized with each other via an internal VPN.
The web service is published on the servers.
Each of the servers is ready to raise the ipsec tunnel with the client's server/servers.
There is an external user - a client - who wants the tunnel to be raised by default with the first server and the web service to be used on it.
In case of failure of the first server, "dynamic routing" (I don't understand what to route here, no AS, data centers are independent) should allow the client to switch to the second vpn tunnel and the second web service with a maximum downtime of no more than 15 minutes.
I can't figure out what technology is being proposed. I suggest other clients always keep 2 tunnels, and go to the web service by dns name. If the main server fails, I change the A record on the external DNS, and the client goes to the second server. TTL recording 15 minutes.
Tell me where to dig))

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
shurshur, 2019-11-27
@shurshur

In fact, ipsec vpn is not really vpn, it's just traffic encapsulation in tunnel esp ipsec mode, which is performed after the rules-based routing in the ipsec configuration. I would advise you to raise real vpn with the client (openvpn / l2tp / etc.), including they can be raised over ipsec (if the client's security policy requires it). And then it’s easy even to resolve the main and backup VPN with metrics to the same IP (which will actually be terminated in different data centers). This is the easiest option if the client cannot balance itself between two connection points, one of which may fail.

Similar questions
I
impressive172019-12-04 00:39:50
What is the difference between the structure of projects in Obj C and Swift languages? 6Reply
K
ka-may2020-11-23 18:03:37
How to connect to l2tp server on mikrotik using your peer? 1Reply
C
cptedward_kenway2022-04-17 23:14:12
What library is suitable for working with vpn on the phone? 1Reply
Y
Yura Storchak2019-03-06 22:05:05
A browser with a built-in vpn, but so that there is no anonymity, is it conditional that the browser remembers the username and password of the account and the entrance is always there automatically? 1Reply
A
Alexey Korolev2014-10-07 18:15:52
How to restrict vpn access to everything except certain resources? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question