
Re: [Openvpn-users] load balancing with a wee problem


  • Subject: Re: [Openvpn-users] load balancing with a wee problem
  • From: "Darren Loher" <dloher@xxxxxxxxxxxx>
  • Date: Wed, 16 Jan 2008 16:33:16 -0800

Something else I’ve seen is that a NAT-FW will time out your port-translation pair.  This sometimes can be an absolute timeout, meaning it will shut off your traffic after some period of time even if the session is actively sending traffic (killing long-lived sessions).

 

OpenVPN attempts to reuse the same port pair on a soft-reset.  You can change this to a hard-reset though, which will cause a different port pair to be used.

 

To enable this, try doing this on your client:

 

remap-usr1 SIGHUP

 

When your tunnel gets timed out, it should automatically attempt to restart the tunnel, this time using a different port-pair.

 

-Darren

 

 

 


From: Sebastian Perkins [mailto:sperkins@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 15, 2008 8:34 AM
To: Darren Loher
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] load balancing with a wee problem

 

On the client .conf the only persist options are:
persist-key
persist-tun



Sebastian Perkins
IT Manager
sperkins@xxxxxxxxxxxxxxxxxx

----- Original Message -----
From: "Darren Loher" <dloher@xxxxxxxxxxxx>
To: "Sebastian Perkins" <sperkins@xxxxxxxxxxxxxxxxxx>, openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, January 15, 2008 16:27 (GMT+0100) Europe/Berlin
Subject: RE: [Openvpn-users] load balancing with a wee problem


Try removing “persist routes” if you are using that on the client configuration.

 


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Sebastian Perkins
Sent: Tuesday, January 15, 2008 3:20 AM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] load balancing with a wee problem

 

Hello,

We are using openvpn tunnel mode with 2 servers + 22 clients interconnecting our offices. Works great!

Clients are openvpn 2.0.7 -> 2.0.9 (Fedora Core 3 or 4) and servers are FC5 + openvpn 2.1rc2 (from the yum repository).

The 2 servers are used for load balancing: each is connected to an ADSL modem. The clients connect with 2 remote entries + resolve random to balance. Actually this solution is also quite fault tolerant.

So far so good, our problem comes from a client's light broadband failure (i.e. under 20 min): the client's tunnel doesn't come back up.

I've gone through the logs, it seems that:
Client A  is connected  to  Server 1
broadband goes down
broadband goes up
Client A  reconnects using "remote random" => connects to server 2
Server 1 issues a reconnection ("ping restarting...")

Then I get "connection refused" errors...

If I issue "service openvpn restart" on the client, everything works fine. Server side, all other tunneled connections are fine and do not experience any problems. Clients that come down are in 2.0.7 or 2.0.9...

I can post the configs if you want, but my idea is that the servers are using "keepalive" options, just like the clients: should I just use keepalive on the clients? Or am I wrong?

Thanks in advance,

Sebastian Perkins
IT Manager
sperkins@xxxxxxxxxxxxxxxxxx
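
An added example, not written by any poster in this thread: a client configuration fragment that combines the options discussed above (two remote entries with random selection, the persist options, keepalive, and the suggested remap-usr1 SIGHUP). The hostnames, port, keepalive timings and the nobind line are assumptions for illustration; device, certificate and key directives are omitted.

```conf
# Added example. Hostnames, port and timings are placeholders (assumptions).

# Two servers, tried in random order on each connection attempt.
remote vpn1.example.com 1194
remote vpn2.example.com 1194
remote-random
resolv-retry infinite

# Assumption: do not bind a fixed local port, so every new socket gets a
# fresh source port and therefore a fresh NAT translation entry.
nobind

# The only persist options present on the client in the thread.
# They apply to SIGUSR1 / ping-restart (soft) restarts.
persist-key
persist-tun

# Ping the peer every 10 s; after 60 s without traffic from the peer,
# trigger a ping-restart, which is delivered internally as SIGUSR1.
keepalive 10 60

# Handle that internal SIGUSR1 as SIGHUP: a hard restart that closes the
# socket and the tun device and re-reads the configuration file.
remap-usr1 SIGHUP
```

A hard restart re-reads the configuration and key files and reopens the tun device, so persist-key and persist-tun no longer carry state across it. If the client also drops privileges with user/group, check that the restart can still read its keys and reopen the device.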