|
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, Giancarlo Razzolini wrote: > I suggest you to use some failover on a level below openvpn. Something > like CARP might do the trick. I've recently been playing with it, and > you have 2 choices. You can use it on it's native platform, OpenBSD or > you can play with ucarp (www.ucarp.org), but i didn't tested it, and i > believe that it lacks the synchronization of states that pfsync > provides. Failover isn't an easy thing, but if it works, you are a lucky > sysadmin :) Sorry to barge into this thread, but I'm also looking into doing failover for a VPN I'm setting up (currently only OpenVPN clients). I was going to use either VRRP on my switch or CARP/VRRP on the hosts (FreeBSD). My question is about what will happen in a failure. After one server dies and the backup takes over, do all the clients need to re-key themselves and use the new server? Is this automatic with OpenVPN clients, more or less seamless to the users (except for a pause)? Thanks, Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFE7a8eV/+PyAj2L+IRAoEjAJ0R7qG7phog7WOmd37sArAxC+lp2ACdGz0s DWo490y/HKLfNvOXQFi6T/E= =fZBU -----END PGP SIGNATURE----- ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |