[Pacemaker] OpenVPN in HA, sharing client connections

Arturo Borrero Gonzalez cer.inet at linuxmail.org
Tue Jul 10 08:51:46 EDT 2012


>
> > Hi there!
> >
> > OpenVPN server has a 'management interface' that allows the admin to
> > delete, add, modify, authorize client connections.
> >
> > As far as I know, there doesn't exist any preestablished method for
> > sharing connections between openvpn servers, so in issues like
> > failover and/or active-active configurations the behavior is pretty
> > rudimentary (just using an LSB resource to start and stop the daemon).
>
> Stopping and starting the daemon is not a big problem. OpenVPN offers an
> auto-connect feature (option: keepalive) that reestablishes the connection
> after the interruption.
>
> > I'm looking for something or someone that previously showed interest
> > in this topic.
> > If not, I will investigate the creation of a new RA or maybe a tiny
> > daemon for deploying in master/slave modes.
> > I think using netcat I'm able to get all openvpn data and also using
> > netcat to inject the data in another openvpn server.
>
> Would be great to create a "connection table sync" during the failover. But
> please consider if this is really worth the effort when using the keepalive
> option in the client config.
>
> When programming it, please think about a connection table sync daemon, like
> in ipvs or netfilter.
>
> Greetings,
>
> --
> Dr. Michael Schwartzkopff
> Guardinistr. 63
> 81375 München
>
> Tel: (0163) 172 50 98
>
>
>
>
Ok, I will take a look at the keepalive option.

Anyway, I always had conntrackd in mind.

Thanks for your reply :)

Best regards.

-- 
#
# Arturo Borrero Gonzalez || cer.inet at linuxmail.org
# Use debian gnu/linux!
#