Charles Duffy wrote:
> Giancarlo Razzolini wrote:
>> Don't know about ucarp but, if you use CARP with PFSYNC, there will be
>> no downtime at all.
>
> This is untrue. Even with the firewall state being in sync, OpenVPN is
> internally stateful in TLS mode.
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
Yes, I know. But as far as OpenVPN is concerned, it is behind only one
machine. I tested some SSL applications behind this kind of firewall,
and none of them went down or restarted any connection after the master
firewall went down. They don't only share an IP address, as there is
also a virtual MAC address for the CARP interface. When the master goes
down, the slave assumes this MAC address and, consequently, the IP
address. And, because their state tables are synced with pfsync, for
something behind it, nothing will happen. I will test it with OpenVPN to
be entirely sure. But I'm quite sure that it will work, both for a
server and for a client behind it.
My regards,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85