
Re: [Openvpn-users] failover with RIP


  • Subject: Re: [Openvpn-users] failover with RIP
  • From: "Michael Jürgens" <openvpn@xxxxxxxxxxxxx>
  • Date: Mon, 20 Aug 2007 16:07:37 +0200

Hi Erich,

Thanks for the fast reply.

Erich Titl wrote:
> Michael
>
> as nobody seemed to reply I am trying my luck
>
> Michael Jürgens wrote:
>   
>> Hi,
>>
>> I've searched the archive about failover but cannot find a proper
>> solution for my problem.
>>
>> I try to set up a failover configuration for many clients with networks
>> behind them.
>> VPN1 and VPN2 have the same configuration and are setup with DNS Round
>> Robin.
>>
>>
>> --+---[Net1]   --+----[Net2]
>>   |              |
>>  [C1]           [C2]
>>   |              |
>>   |              |
>> [VPN1]         [VPN2]
>>   |              |
>> --+------+-------+----[Net3] (RIP)
>>          |
>>        [Host1]
>>
>> The idea:
>> C1 connects to VPN1
>> VPN1 publishes Net1 to the Kernel (Of Router1)
>>     
>
> Where is Router1?
>   
It is the machine running vpn1.
>   
>> The kernel propagates this route via RIP to net3
>> Host1 also runs RIP and recognizes the route to net1
>>     
>
> So the route to net1 goes to VPN1?
>   
Yes, but only if c1 is connected to vpn1. If it is connected to vpn2,
net1 goes to vpn2.
>   
>> If C1 connects to VPN2, the same procedure happens and host1 knows the
>> route.
>>     
>
> Mhhh... the route then changes to VPN2 and gets propagated.
>
>   
>> My first idea was to build this by adding a "route" statement to CCD
>> file of C1.
>>     
>
> Is this really necessary? What exactly do you want to achieve? You want
> to have routing from host1 to net1 whatever VPN is active at the moment.
> IMHO all you really have to propagate to host1 or to an intermediate
> router is that the route to Net1 has changed. Then packets destined to
> net1 will be routed accordingly.
>   
Yes, but how can I do that?
For that I have to propagate the route information from the openvpn
process to the kernel of router1 (or router2 if c1 is connected to vpn2).
As far as I know the openvpn process runs under an unprivileged user
when the client connects to the vpn. So it seems impossible to propagate
a route to the kernel without breaking some security rules.


regards,

Michael

> Hope I interpreted your set up correctly
>   
> Erich
>
>
>   
