What is clustering? You can think of it like a team of Access Servers delivering privacy and security to your users. They work together to manage connections, and they remove the single point of failure of a traditional setup that runs through one Access Server. If you need to increase the availability and load capacity of your OpenVPN Access Server environment, this is exactly what you need. Introduced in version 2.7.2, this new feature allows you to create this high-availability setup. Here’s how to get started, where to find detailed resources, and FAQs.
Deploy a team of Access Servers
Provide consistent up-time
Increase load capacity across multiple servers
Create your high-availability solution
Store certificates and credentials in a central, high-availability database server
Remove the single point of failure of relying on one Access Server
Can be deployed entirely in the cloud
Provide users a single address for VPN connections
Setting up an OpenVPN Access Server cluster gives you the ability to spread the traffic load across multiple servers. We continue to add improvements to this solution with each new version of the product and are very open to feedback from our customers. To send feedback, please use our support ticket system.
Here’s a brief overview of what the setup entails:
We provide in-depth instructions for setting up an OpenVPN Access Server cluster. When you follow that link, you’ll be led through these six steps:
We provide 24/7 support with our global team of professionals to assist you with any steps or questions, if needed. Simply log in with your free OpenVPN account and create a support ticket.
A cluster is an active-active, high-availability setup — which means that all nodes within your cluster are active and thus all allow incoming connections at the same time.
At this time, it is required that each node has its own purchased license key(s) to unlock a certain number of concurrent connections.
For example, you could have four active nodes within a cluster and a total of 100 connections spread across those four nodes. So you would purchase a separate license key for each of your nodes — you could have four separate keys with 25 connections each for a total of 100 connections.
Yes. In this first phase of implementation, cluster support is primarily aimed at Amazon AWS where adding a new node can be automated with tiered instances. Amazon also offers high-availability database services necessary for the clustering setup, meaning you can run the entire solution with Amazon AWS.
Note: Amazon AWS tiered instances work without separately purchased license keys, but are licensed through Amazon automatically when such a node is launched.
We are developing a new licensing system that will let you connect multiple Access Servers to a central pool of licenses, making this solution even more attractive to deploy. We will continue to improve features with each new release of Access Server.
If the server cannot be repaired, remove it from the DNS records. Set up a new Access Server, attach it to the cluster, and add it to the round-robin DNS record to replace the failed node.
Access Server comes with a built-in failover mode which can be deployed on a local area network (LAN). The design is such that you have one primary Access Server, or node, with a secondary standby node that comes online automatically should your primary node fail. Think of it like having your All-Star athlete in the game and if something happens, you sub in your bench player. When this happens, the secondary node becomes the new primary node.
This setup uses Virtual Router Redundancy Protocol (VRRP), which stores a virtual IP and MAC address so the client doesn’t need to know if it’s connecting to the primary or secondary node. VRRP triggers the standby server if the primary fails. This setup is not compatible with Access Server deployments through Amazon AWS, as they block this traffic. You can read more detail about this high-availability failover mode at the link.
In contrast, a cluster is accessed through a DNS round-robin server. Through it, the VPN client makes a connection with any one of the nodes in the Access Server cluster. If that connection fails, it attempts the next connection after a brief pause. For the client, the user experience is the same, whether it’s a clustering or a failover setup. Either way, they connect with the same address and are indifferent to which server makes the connection. Clustering works very well with Amazon AWS.
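Because the round-robin record alone decides which node a client reaches, it is worth auditing that record against the node list you expect, both to spot a failed node that should be pulled from DNS and to catch addresses that should not be there. The following is an added example, not OpenVPN's code: the name vpn.example.com, the 192.0.2.x addresses and the TCP probe on port 443 are assumptions to adapt to your deployment.

```python
import socket

def resolve_nodes(hostname):
    """Return every IPv4 address published for the round-robin name."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_probe(ip, port=443, timeout=3.0):
    """True if the node accepts a TCP connection. Port 443 is an assumption;
    use whatever TCP port your Access Server nodes listen on."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_round_robin(hostname, expected, resolve=resolve_nodes, probe=tcp_probe):
    """Classify each address in the round-robin record.

    expected: set of node IPs that are supposed to be in the cluster.
    """
    published = resolve(hostname)
    alive = {ip: probe(ip) for ip in published}
    return {
        # Published, expected and answering: nothing to do.
        "healthy": [ip for ip in published if alive[ip] and ip in expected],
        # Published but not answering: clients stall here before retrying.
        "remove_from_dns": [ip for ip in published if not alive[ip]],
        # Published but not a known node: stale or unauthorised entry.
        "unexpected": [ip for ip in published if ip not in expected],
        # Known node absent from the record: receives no new clients.
        "missing": sorted(set(expected) - set(published)),
    }

# Constructed sample data (documentation address range), so this runs offline.
SAMPLE_DNS = {"vpn.example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.99"]}
SAMPLE_DOWN = {"192.0.2.12"}
SAMPLE_EXPECTED = {"192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"}

def run_sample():
    return audit_round_robin(
        "vpn.example.com", SAMPLE_EXPECTED,
        resolve=lambda name: SAMPLE_DNS[name],
        probe=lambda ip: ip not in SAMPLE_DOWN,
    )

if __name__ == "__main__":
    for status, ips in run_sample().items():
        print(f"{status}: {ips}")
```

Called without the `resolve` and `probe` overrides, `audit_round_robin` performs live DNS lookups and TCP connects, so it can be scheduled as a periodic check.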
Set up a new Access Server, install the latest Access Server build on it, and log on to the Admin UI. From there, go to Cluster and choose Join existing cluster. You will then enter the database credentials to connect and join the cluster.
If you are using an existing Access Server with users and configurations, adding it to a cluster will wipe this node clean. It will get its user certificates and other information from the cluster instead.
Additionally, you can automate this with a command line script. For specific details, please submit a request for support.