
Re: [Openvpn-users] Re: [Openvpn-devel] OpenVPN 2.0 -- Project Update and Release Notes

  • From: "Dick St.Peters" <stpeters@xxxxxxxxxxxxx>
  • Date: Wed, 31 Mar 2004 10:35:18 -0500

James Yonan writes:

> (3) static routes tied to specific clients interfere with failover.  Suppose
> you have 2 machines running a VPN server, and for purposes of load balancing
> and failover, you want clients to be able to connect to either server.  Now
> once you start to have clients needing static routes, it means that the
> gateway on the server's network needs to understand that a given static route
> might need to point to either server A or server B, depending on which of the
> two servers the client is currently connected to.  So essentially, the server
> would need to be able to push routes onto the gateway.

A site running failover servers is likely also running some dynamic
routing protocol, meaning its tunnel servers are likely to be pushing
routes to their gateways anyway.  My one tunnel server already does
this, using zebra/ospfd.  (A failover set of gateways push default
routes to the one tunnel server too.)

I haven't had time to think about this enough, but my first reaction
is that failover really isn't something for OpenVPN to handle.  The
network will need to route UDP to the right tunnel server anyway, and
failover seems to fit best in the network routing framework.

Dick St.Peters, stpeters@xxxxxxxxxxxxx 
Gatekeeper, NetHeaven, Saratoga Springs, NY