Re: [Openvpn-users] Openvpn Failover configuration


  • Subject: Re: [Openvpn-users] Openvpn Failover configuration
  • From: Giancarlo Razzolini <linux-fan@xxxxxxxxxxx>
  • Date: Fri, 25 Aug 2006 12:51:42 -0300

Iassen Hristov wrote:
> I don't see how it will not, considering the session key will be invalid.
> The openvpn client would have to figure out that this is the case and
> re-establish a new session.
> 
> --On Friday, August 25, 2006 12:31 -0300 Giancarlo Razzolini
> <linux-fan@xxxxxxxxxxx> wrote:
> 
>> Charles Duffy wrote:
>>> Giancarlo Razzolini wrote:
>>>> Don't know about ucarp but, if you use CARP with PFSYNC, there will be
>>>> no downtime at all.
>>> This is untrue. Even with the firewall state being in sync, OpenVPN is 
>>> internally stateful in TLS mode.
>>>
>>>
>>> _______________________________________________
>>> Openvpn-users mailing list
>>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>>
>> Yes, I know. But as far as openvpn is concerned, it is behind only one
>> machine. I tested some ssl applications behind this kind of firewall,
>> and none of them got down or restarted any connection after the down of
>> the master firewall. They don't only share an ip address, as there is
>> also a virtual mac address for the carp interface. When the master goes
>> down, the slave assumes this mac address and consequently, the ip
>> address. And, because their state tables are synced with pfsync, to
>> something behind it, nothing will happen. I will test it with openvpn to
>> be entirely sure. But I'm quite sure that it will work, both for a
>> server and for a client behind it.
>>
>> My regards,
> 

I will test it later today. Will post the results here.

My regards,
-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
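
The two topologies argued over in this thread, as a small Python model added here (not code from any poster or from OpenVPN): pfsync copies firewall state entries, while a TLS-mode session key lives only inside the OpenVPN process. The class and function names, the HMAC stand-in for OpenVPN's packet authentication, and the `vip:1194/udp` flow label are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class Firewall:
    """One CARP member; `states` stands in for the pf state table."""
    def __init__(self):
        self.states = set()

    def pfsync_to(self, peer):
        peer.states |= self.states           # pfsync replicates state entries only

    def passes(self, flow):
        return flow in self.states

class OpenVPNDaemon:
    """Holds per-client session keys in process memory (never replicated)."""
    def __init__(self):
        self.keys = {}

    def handshake(self, client):
        self.keys[client] = os.urandom(32)   # stand-in for the TLS key exchange
        return self.keys[client]

    def accept(self, client, payload, tag):
        key = self.keys.get(client)
        if key is None:                      # this daemon never saw the handshake
            return False
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def send(firewall, daemon, client, key, payload=b"ping"):
    """Return where a client packet ends up after crossing `firewall`."""
    if not firewall.passes((client, "vip:1194/udp")):
        return "dropped by firewall"
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return "accepted" if daemon.accept(client, payload, tag) else "rejected by openvpn"

def failover(openvpn_on_firewalls):
    """Packet fate before and after the master dies, for either topology."""
    master_fw, backup_fw = Firewall(), Firewall()
    master_vpn = OpenVPNDaemon()
    # Either one daemon per CARP node, or a single daemon behind the pair.
    backup_vpn = OpenVPNDaemon() if openvpn_on_firewalls else master_vpn
    key = master_vpn.handshake("client-a")
    master_fw.states.add(("client-a", "vip:1194/udp"))
    master_fw.pfsync_to(backup_fw)
    before = send(master_fw, master_vpn, "client-a", key)
    after = send(backup_fw, backup_vpn, "client-a", key)   # master is down
    return before, after
```

`failover(True)` models OpenVPN running on the CARP nodes themselves, `failover(False)` models an OpenVPN host sitting behind the firewall pair.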
