Erich Titl wrote:
>>...Jason Keltz wrote: Since various clients are connected to both VPNs at the same time, how can the file server route back to the proper VPN?
I'm sorry that I wasn't clear. There are two VPN servers for load balancing/redundancy issues. Each client on startup chooses a VPN server to connect to. However, a client will only connect to one or the other. In the event of a failure, a client will connect to the other VPN server.

In terms of adding routes back to the VPN subnets, that is what I want to do, but that is where there is a tricky problem... When an individual client connects to either VPN server, it will get the exact same IP. This is done so that software (like NFS) will be able to basically handle a client moving from one VPN to the other if a VPN server goes down... Each VPN server knows how to route packets to its own clients, but since there are two servers with the same address space, it doesn't seem possible with one route statement to route packets to both VPNs.

I could solve this problem with source NAT. This way, the packets will come from the VPN servers, and not from the clients. The NFS server could easily talk back to the individual VPN servers. While this would "solve" the problem, it creates another one. With Source NAT, all entries logged for say, NFS, end up showing as entries coming from the VPN servers. This is not desirable as it makes debugging very difficult...

I wonder if there is a better way to do what I want to do.

Jason.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users