Setting up an HA OpenVPN server


Currently looking for ideas on how to set up an HA OpenVPN setup.


Currently, I have two pfSense systems connected by a VPN link. OpenVPN clients connect to either of the systems, and Quagga runs OSPF between the pfSense systems so that all clients are accessible using their VPN IP from either router. Both pfSense systems are also connected to a pfSense system at home, which uses either pfSense server to access the OpenVPN clients, depending on which pfSense server is up.


I would like to expand on that a bit, and instead construct something like the below image



Side note: switches represent OpenVPN TAP


Basically, if the OpenVPN connection between server1 and R1 is down, I should automatically be routed through the OpenVPN connection between server1 and R2. The OpenVPN clients should also be accessible by hostname; I have a learn-address script to generate the DNS entries on connection, but no idea how I would make it work with such a setup. If both links are up, then the link with the least packet loss and lowest latency should be chosen.


Some thoughts:


OpenVPN sends a DELETE parameter instead of ADD to the learn-address script when the client is disconnected; perhaps removing the DNS entry when DELETE is used instead of ADD should get it rolling.


http://ift.tt/1dvHQ0Z
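
A sketch of a learn-address hook that removes the DNS entry on delete as well as adding it on add/update, for a single server. This is an added example, not the poster's script; `HOSTS_FILE`, `DOMAIN` and the hosts-file format (one `IP name` line per client, read by a local resolver) are assumptions.

```shell
#!/bin/sh
# OpenVPN runs the hook as:  <script> add|update|delete <address> [common_name]
# (common_name is not passed on delete).
# HOSTS_FILE and DOMAIN are assumed names for this example.
HOSTS_FILE="${HOSTS_FILE:-/var/run/openvpn-clients.hosts}"
DOMAIN="${DOMAIN:-vpn.example}"

learn_address() {
    op="$1"; addr="$2"; cn="$3"
    # With --dev tap the learned address can be a MAC; only plain IPv4
    # addresses are recorded. Return 0 so the client is not rejected
    # (a non-zero exit makes OpenVPN refuse the address).
    case "$addr" in
        ""|*[!0-9.]*) return 0 ;;
    esac
    case "$op" in
        add|update)
            # The CN comes from the client certificate: accept only
            # hostname-safe characters before it reaches the hosts file.
            case "$cn" in
                ""|-*|*[!A-Za-z0-9-]*) return 0 ;;
            esac ;;
        delete) cn="" ;;
        *) return 0 ;;
    esac
    tmp="$(mktemp "${HOSTS_FILE}.XXXXXX")" || { echo "mktemp failed" >&2; return 0; }
    # Drop old lines for this address and, on add/update, for this name,
    # so a reconnect with a new IP leaves exactly one entry.
    if [ -f "$HOSTS_FILE" ]; then
        awk -v a="$addr" -v n="$cn.$DOMAIN" '$1 != a && $2 != n' \
            "$HOSTS_FILE" > "$tmp"
    fi
    if [ -n "$cn" ]; then
        printf '%s %s.%s\n' "$addr" "$cn" "$DOMAIN" >> "$tmp"
    fi
    chmod 644 "$tmp"
    mv "$tmp" "$HOSTS_FILE"   # rename in place: readers never see a partial file
}

if [ "$#" -gt 0 ]; then learn_address "$@"; fi
```

The resolver still has to be told to reload the file after each change; how depends on the DNS server in use.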
