[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Openvpn Failover configuration


  • Subject: Re: [Openvpn-users] Openvpn Failover configuration
  • From: Josh Endries <jendries@xxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 09:52:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

Giancarlo Razzolini wrote:
> I suggest you to use some failover on a level below openvpn. Something
> like CARP might do the trick. I've recently been playing with it, and
> you have 2 choices. You can use it on it's native platform, OpenBSD or
> you can play with ucarp (www.ucarp.org), but i didn't tested it, and i
> believe that it lacks the synchronization of states that pfsync
> provides. Failover isn't an easy thing, but if it works, you are a lucky
> sysadmin :)

Sorry to barge into this thread, but I'm also looking into doing
failover for a VPN I'm setting up (currently only OpenVPN clients). I
was going to use either VRRP on my switch or CARP/VRRP on the hosts
(FreeBSD). My question is about what will happen in a failure. After one
server dies and the backup takes over, do all the clients need to re-key
themselves and use the new server? Is this automatic with OpenVPN
clients, more or less seamless to the users (except for a pause)?

Thanks,
Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFE7a8eV/+PyAj2L+IRAoEjAJ0R7qG7phog7WOmd37sArAxC+lp2ACdGz0s
DWo490y/HKLfNvOXQFi6T/E=
=fZBU
-----END PGP SIGNATURE-----
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users