
Re: [Openvpn-users] Load Balancing/Failover - how to know who is where?

  • Subject: Re: [Openvpn-users] Load Balancing/Failover - how to know who is where?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Mon, 24 Oct 2005 13:04:32 -0600 (MDT)

On Sun, 23 Oct 2005, Sven 'Darkman' Michels wrote:

> Hi there,
> while playing around with openvpn the following question came
> up to my mind: the load balancing possibility of openvpn is
> great, but how should I or at least the openvpn servers know
> who is connected on which server?
> Let's imagine the problem: I have tons of users, some of them
> are privileged and as such get their own IP range in the VPN.
> Now I have two servers, located in two different datacenters
> to provide failover and load balancing. Some of the clients
> need to speak to each other, so I need to know how to reach
> the client. When they come in randomly on one of the servers,
> I need a way to know on which server the client is to add a
> route to the client on the other server, right?
> Any ideas how to do this? A possible solution in my mind was
> a connect script that sets the routes on the other server, but
> in the case of a crash this would leave dead routes on the working
> server.. so this is probably not really a good idea.

If you want a client to be assigned a fixed IP address or subnet
regardless of which server it connects to, then you would need to use a
client-connect script on each of the load-balanced servers to tell the
local router which of the servers currently "owns" that IP or subnet.

It's really a dynamic routing problem, and there's a wishlist item to 
extend the plugin interface to allow plugins to be written in support of 
different kinds of dynamic routing protocols (RIP2 or OSPF).

So if a client Z having a fixed IP address moved from server A to B, then
B would do a dynamic routing multicast to tell everyone that it is now the
gateway for Z.

But for now, you would need to roll your own solution using a custom 
client-connect script.
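
As an added example (not part of the original message and not OpenVPN project code), one way to write the client-connect script described in the reply above, run on each load-balanced server. The CN-to-subnet table, `SERVER_LAN_IP` and `ROUTE_HOOK` (a site-specific program that applies the command on the local router) are assumptions; `common_name` and `script_type` are the environment variables OpenVPN passes to the script.

```shell
#!/bin/sh
# Added example: client-connect / client-disconnect hook for load-balanced
# OpenVPN servers. OpenVPN sets $common_name and $script_type in the environment.
# Assumptions (not from the thread): SERVER_LAN_IP, the CN-to-subnet table and
# ROUTE_HOOK, a site-specific program that applies the command on the router.

SERVER_LAN_IP="${SERVER_LAN_IP:-192.0.2.11}"   # constructed: this server as seen by the router

# Constructed sample table: certificate CN -> fixed subnet.
fixed_subnets() {
cat <<'EOF'
client-z 10.8.100.0/24
branch-office-1 10.8.101.0/24
EOF
}

# The CN comes from the client's certificate, so treat it as untrusted input:
# accept only a conservative character set before using it anywhere.
valid_cn() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the fixed subnet for a CN; fail if the CN is invalid or has no entry.
lookup_subnet() {
    valid_cn "$1" || return 1
    fixed_subnets | awk -v cn="$1" '$1 == cn { print $2; found = 1 } END { exit !found }'
}

# Build the router-side command for an event.
# "replace" makes the newest connect win, so a route left behind by a crashed
# server is overwritten when the client reconnects to the other server.
route_command() {
    subnet=$(lookup_subnet "$2") || return 1
    case "$1" in
        client-connect)    echo "ip route replace $subnet via $SERVER_LAN_IP" ;;
        client-disconnect) echo "ip route del $subnet via $SERVER_LAN_IP" ;;
        *) return 1 ;;
    esac
}

main() {
    cmd=$(route_command "$script_type" "$common_name") || exit 0  # no fixed subnet: nothing to do
    if [ -n "${ROUTE_HOOK:-}" ]; then "$ROUTE_HOOK" "$cmd"; else echo "$cmd"; fi
}

if [ -n "${script_type:-}" ]; then main; fi
```

Point both the `client-connect` and `client-disconnect` directives at this script on each server; the script exits 0 for clients without a fixed subnet so that their connection is not rejected.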

