<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><pre>><i> Hi there!
</i>><i>
</i>><i> OpenVPN server has an 'management interface' that allows the admin to
</i>><i> delete, add, modify, authorize client connections.
</i>><i>
</i>><i> As far as I know, it doesn't exist any preestablished method for
</i>><i> sharing connections between openvpn servers, so in issues like
</i>><i> failover and/or active-active configurations the behavior is pretty
</i>><i> rudimentary (just using a LSB resource to start and stop the daemon).
</i>
Stopping and starting the daemon is not a big problem. OpenVPN offers a auto-
connect feature (option: keepalive) that reestablishes the connection after
the interruption.
><i> I'm looking for something or someone that previously showed interest
</i>><i> in this topic.
</i>><i> If no, I will investigate the creation of a new RA or maybe a tiny
</i>><i> daemon for deploying in master/slave modes.
</i>><i> I think using netcat i'm able to get all openvpn data and also using
</i>><i> netcat to inject the data in another openvpn server.
</i>
What be great to create a "connection table sync" during the failover. But
please consider if this is really worth the effort when using the keepalive
option in the client config.
When programming it, please think about a connection table sync daemon, like
in ipvs or netfilter.
Greetings,
--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98</pre><br><br></blockquote><br>Ok, I will take a look at the keepalive option.<br><br>Anyway, I had always in mind conntrackd.<br><br>Thanks for your reply :)<br><br>Best regards.<br><br>-- <br>#<br>
# Arturo Borrero Gonzalez || <a href="mailto:cer.inet@linuxmail.org">cer.inet@linuxmail.org</a><br># Use debian gnu/linux!<br>#<br>