openvpn
Andymion, 2018-03-04 11:00:01

OPENVPN: balancing + fixed client IPs = is it possible?

Clients connecting to an OPENVPN server always get fixed IP based on the CN record in their certificates. Thus, their IP always belongs to a certain IP range.
OPENVPN supports load balancing/failover by running additional server instances that are poked (redirected) by the client.
Questions:
1. Is it possible to balance on one host? In this case the host's tun interfaces will be gateways to the same subnet (the one all clients connect to). This can break routing.
2. What balancing options are possible when using multiple openvpn nodes? There is a requirement not to NAT clients on nodes, but to release them to the network with assigned virtual IPs. Is it possible to do without OSPF for reverse routing towards clients through the correct ingress node?


1 answer(s)
res2001, 2018-03-04

1. What is the point of balancing on one host? Balancing is needed when a host cannot cope and you have to direct part of the connections to another host. Therefore, balancing on one host is complete garbage.
2. The simplest balancing option is to use two A records in DNS for one OpenVPN server name. DNS will then hand out the records round-robin, and you get balancing for free.
Clients will have to be assigned addresses from different subnets on the different OpenVPN servers; otherwise, as you yourself correctly noticed, the routing problems will begin.
OSPF is not needed at all in this configuration.
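
The layout from the answer above, as an added example that is not part of the original thread: it generates per-node `client-config-dir` files so each certificate CN keeps a fixed address inside that node's own subnet, rejects overlapping pools, and prints the static routes that stand in for OSPF. The node names, subnets, LAN addresses, CNs, and the use of `topology subnet` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
NODES = {"vpn-a": "10.8.1.0/24", "vpn-b": "10.8.2.0/24"}   # one pool per node
NODE_LAN_IPS = {"vpn-a": "192.168.0.11", "vpn-b": "192.168.0.12"}
CLIENT_OFFSETS = {"alice": 10, "bob": 11}                  # CN -> host offset


def parse_pools(nodes):
    """Parse pools and reject overlaps, which would make return routing ambiguous."""
    pools = {name: ipaddress.ip_network(cidr) for name, cidr in nodes.items()}
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a].overlaps(pools[b]):
                raise ValueError(f"{a} ({pools[a]}) overlaps {b} ({pools[b]})")
    return pools


def build_ccd(nodes, offsets):
    """Return {node: {CN: ccd file body}} for client-config-dir, topology subnet."""
    if len(set(offsets.values())) != len(offsets):
        raise ValueError("two CNs share one offset")
    ccd = {}
    for node, net in parse_pools(nodes).items():
        ccd[node] = {}
        for cn, off in offsets.items():
            # Offset 1 is left for the server; the broadcast address is excluded.
            if not 2 <= off < net.num_addresses - 1:
                raise ValueError(f"offset {off} for {cn} does not fit in {net}")
            ccd[node][cn] = f"ifconfig-push {net.network_address + off} {net.netmask}\n"
    return ccd


def upstream_routes(nodes, lan_ips):
    """One static route per node on the LAN router replaces OSPF here."""
    return [f"ip route add {net} via {lan_ips[name]}"
            for name, net in parse_pools(nodes).items()]


if __name__ == "__main__":
    for node, files in build_ccd(NODES, CLIENT_OFFSETS).items():
        for cn, body in files.items():
            print(f"{node}/ccd/{cn}: {body}", end="")
    print("\n".join(upstream_routes(NODES, NODE_LAN_IPS)))
```

Because a client's address now depends on which node DNS sent it to, any firewall rule keyed on a fixed client IP needs one entry per node.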
