[Pacemaker] OpenVPN in HA, sharing client connections

emmanuel segura emi2fast at gmail.com
Tue Jul 10 12:58:31 UTC 2012


conntrackd - Connection tracking daemon

2012/7/10 Michael Schwartzkopff <misch at clusterbau.com>

> > Hi there!
> >
> > OpenVPN server has an 'management interface' that allows the admin to
> > delete, add, modify, authorize client connections.
> >
> > As far as I know, it doesn't exist any preestablished method for
> > sharing connections between openvpn servers, so in issues like
> > failover and/or active-active configurations the behavior is pretty
> > rudimentary (just using a LSB resource to start and stop the daemon).
>
> Stopping and starting the daemon is not a big problem. OpenVPN offers a
> auto-
> connect feature (option: keepalive) that reestablishes the connection after
> the interruption.
>
> > I'm looking for something or someone that previously showed interest
> > in this topic.
> > If no, I will investigate the creation of a new RA or maybe a tiny
> > daemon for deploying in master/slave modes.
> > I think using netcat i'm able to get all openvpn data and also using
> > netcat to inject the data in another openvpn server.
>
> What be great to create a "connection table sync" during the failover. But
> please consider if this is really worth the effort when using the keepalive
> option in the client config.
>
> When programming it, please think about a connection table sync daemon,
> like
> in ipvs or netfilter.
>
> Greetings,
>
> --
> Dr. Michael Schwartzkopff
> Guardinistr. 63
> 81375 München
>
> Tel: (0163) 172 50 98
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
>


-- 
esta es mi vida e me la vivo hasta que dios quiera
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20120710/040cabb1/attachment.htm>


More information about the Pacemaker mailing list