[Pacemaker] OpenVPN in HA, sharing client connections

Michael Schwartzkopff misch at clusterbau.com
Tue Jul 10 07:15:54 EDT 2012

> Hi there!
> OpenVPN server has a 'management interface' that allows the admin to
> delete, add, modify, authorize client connections.
> As far as I know, there doesn't exist any preestablished method for
> sharing connections between openvpn servers, so in issues like
> failover and/or active-active configurations the behavior is pretty
> rudimentary (just using an LSB resource to start and stop the daemon).

Stopping and starting the daemon is not a big problem. OpenVPN offers an
auto-connect feature (option: keepalive) that reestablishes the connection
after the interruption.

> I'm looking for something or someone that previously showed interest
> in this topic.
> If no, I will investigate the creation of a new RA or maybe a tiny
> daemon for deploying in master/slave modes.
> I think using netcat I'm able to get all openvpn data and also using
> netcat to inject the data in another openvpn server.

It would be great to create a "connection table sync" during the failover. But
please consider if this is really worth the effort when using the keepalive
option in the client config.

When programming it, please think about a connection table sync daemon, like 
in ipvs or netfilter.


Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98