Difference between revisions of "OpenVPN/High-Availability"

From Secure Computing Wiki
Jump to: navigation, search
Line 1: Line 1:
 +
{{OpenVPN_Menu}}
 
[[Image: multi-remote.png|frame|Multiple OpenVPN servers with multiple --remote lines in client config.]]
 
[[Image: multi-remote.png|frame|Multiple OpenVPN servers with multiple --remote lines in client config.]]
 
[[Image: multi-router.png|frame|A single OpenVPN server with transit through a pair of HA routers.]]
 
[[Image: multi-router.png|frame|A single OpenVPN server with transit through a pair of HA routers.]]

Revision as of 23:12, 9 October 2014

OpenVPN Topics

GENERAL: RoutingRIP RoutingBridgingFAQFirewallVPN ChainingHigh-AvailabilityTroubleshootingDonationsIRC meetingsDeveloper DocsTester Docs
OS RELATED: FreeBSD Routed FreeBSD Bridged

Multiple OpenVPN servers with multiple --remote lines in client config.
A single OpenVPN server with transit through a pair of HA routers.

OpenVPN does not have built-in support for high availability, or HA. Generally, in HA systems, there exists a primary and failover system where, with the failure of the primary, the secondary takes over with no apparent outage to the end users, or traffic passing through the devices. These are common with firewalls in pass-through scenarios. Web servers are an example of end point devices.

OpenVPN does support multiple --remote lines within a client config, allowing the client to automatically try subsequent server entries upon connection loss. During the re-negotiation with the new server, traffic cannot pass across the VPN.