[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Load balanced vpn


  • Subject: Re: [Openvpn-users] Load balanced vpn
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Tue, 28 Aug 2007 13:51:17 +0200

Am Dienstag 28 August 2007 12:48:39 schrieb Erich Titl:
> Ludovic
>
> Ludovic MARCILLY wrote:
> > Hi all,
> >
> > i'm using openvpn and it works well.
> > Now i want to do this kind of things:
> >
> >                   LAN 1
> >
> >
> >
> >               [Linux box + openvpn]
> >
> >               [Router 1]     [Router 2]
> >
> >             [------ INTERNET -------]
> >
> >               [Router 3]     [Router 4]
> >
> >               [Linux box + openvpn]
> >
> >
> >                  LAN2
> >
> >
> > I want to create two vpn:
> >  - the first one passing through Router 1 - Router 3
> >  - the second one passing through Router 2 - Router 4

As far as I see, you will need heartbeat to control the two nodes, and perhaps 
to shutdown one of them if it's not working properly anymore. 
We have used this setup, it worked fine.

While both openvpn server are up, traffic control and port-based routing can 
be used with ip_route2 and tc, as well as bonding to improve performance.

This can also be combined with heartbeat,  we used it to switch the entries in 
the routing tables, while one of the DSL links was down.

> >
> > By using original openvpn, it will add two routes on each openvpn linux
> > box. What i want to do is the following: i want to delete route if the
> > other endpoints of the vpn is not reachable in order to "load balance"
> > vpn.
> >
> > For example, use by default the Router 1 - Router 3 vpn and if i can't
> > reach LAN2 from LAN1 via this vpn, delete the route and add the route
> > corresponding to vpn passing through Router 2 - Router 4.
> >
> > First question: is there any possibily to configure this kind of thing
> > (or similar thing) with openvpn ? Second question: if i simply write a C
> > program which try to ping the other endpoint of the vpn and change the
> > route, will it work ?
>
> You might be better off by using something like eql on the two tunnels,
> should that not be possible with OpenVPN then tunneling GRE through the
> OpenVPN tunnels and combining those with eql. Then you can route your
> traffig using a single route and switch by just setting one or the other
> GRE tunnel down.
>
> cheers
>
> Erich
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users



-- 

Best Regards - Mit freundlichen Gruessen
Markus Feilner
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users