OpenVPN/High-Availability

From Secure Computing Wiki
Revision as of 22:17, 9 October 2014 by Ecrist (Talk | contribs)


OpenVPN does not have built-in support for high availability (HA). In an HA system there is generally a primary and a failover system: when the primary fails, the secondary takes over with no apparent outage to end users or to traffic passing through the devices. This is common with firewalls in pass-through scenarios. Web servers are an example of end point devices.

OpenVPN does support multiple --remote lines within a client config, allowing the client to automatically try subsequent server entries upon connection loss. During the re-negotiation with the new server, traffic cannot pass across the VPN.

HA Routers

A single OpenVPN server with transit through a pair of HA routers.

Multiple OpenVPN Servers

Multiple OpenVPN servers with multiple --remote lines in client config.
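
A client configuration for the multiple --remote setup described here and in the introduction, as an added example that is not part of the original wiki page. Hostnames, file names and timer values are assumptions.

```conf
# Added example client config; hostnames and file names are placeholders.
client
dev tun
proto udp
nobind

# Entries are tried in order. On connection loss the client
# moves on to the next entry in the list.
remote vpn1.example.com 1194
remote vpn2.example.com 1194
# Uncomment to pick the starting server at random, spreading
# clients across servers instead of strict primary/secondary.
;remote-random

# Stop waiting on an unresponsive server after 10 seconds and
# try the next remote.
server-poll-timeout 10
# Keep retrying DNS resolution instead of exiting.
resolv-retry infinite

# Dead-peer detection: ping every 10 s and restart the
# connection after 60 s of silence. Traffic does not pass
# until negotiation with the next server completes.
# These can also be pushed by the server via its keepalive directive.
ping 10
ping-restart 60

# Every server in the remote list must present a certificate
# that chains to this CA and is marked for server use,
# otherwise failover to that server is refused.
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
```

The failover servers need certificates issued by the same CA as the primary, so that a client falling back to the second entry applies the same verification as for the first.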

HA Routers with Multiple OpenVPN Servers

A combination of HA routers with multiple remote OpenVPN servers.