[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Openvpn Failover configuration


  • Subject: Re: [Openvpn-users] Openvpn Failover configuration
  • From: Giancarlo Razzolini <linux-fan@xxxxxxxxxxx>
  • Date: Fri, 25 Aug 2006 12:31:49 -0300

Charles Duffy wrote:
> Giancarlo Razzolini wrote:
>> Don't know about ucarp but, if you use CARP with PFSYNC, there will be
>> no downtime at all.
> 
> This is untrue. Even with the firewall state being in sync, OpenVPN is 
> internally stateful in TLS mode.
> 
> 
> -------------------------------------------------------------------------
y?
> Get stuff done quickly with pre-integrated technology to make your job easier
imo
=121642
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
Yes i know. But as far as openvpn is concerned, it is behind only one
machine. I tested some ssl applications behind this kind of firewall,
and none of then got down or restarted any connection after the down of
the master firewall. They don't only share an ip address, as there is
also a virtual mac address for the carp interface. When the master goes
down, the slave assume this mac address and consequently, the ip
address. And, because their state tables are synced with pfsync, to
something behind it, nothing will happen. I will test it with openvpn to
be entirely sure. But i'm quite sure that it will work, both for a
server and for a client behind it.

My regards,
-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
Get stuff done quickly with pre-integrated technology to make your job easier
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users