Missing Piece in Failover Configuration

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
hboeken
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 12, 2016 12:26 pm

Missing Piece in Failover Configuration

Post by hboeken » Tue Jan 03, 2017 4:23 pm

I'm in the process of evaluating OpenVPN AS.
I've setup a working configuration with LDAP and the two concurrent connections that can be used during evaluation. Everything works perfectly.

Now I would like to go the extra step and setup failover.
So I installed a second AS as secondary one and configured the failover settings in the admin web ui of the main AS.
The validation of my settings did succeed, it says GOOD for all four categories, so I commited the configuration.
I have reserved that spare IP, and I configured it in the failover settings.
But I don't know how it's going to be used.
The main AS still has its IP and the secondary AS has its IP.
I can only connect to the AS web interface by using the main AS' IP.

So which piece am I still missing in my setup. I think I read all bits of documentation that were available on this setup and couldn't figure it out myself so far.

hboeken
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 12, 2016 12:26 pm

Re: Missing Piece in Failover Configuration

Post by hboeken » Wed Jan 04, 2017 9:03 am

ucarp is working now. I was under the impression that ucarp would be handled as part of the failover configuration, but it has to be setup in addition to AS. I did this now, encountered several known, well documented problems with also documented workarounds, as there are no official bug fixes for it and now ucarp is working. Given the problems with getting it working (I had e.g. to fix a syntax error in the /usr/libexec/ucarp/ucarp script), I'm not sure this is something I want to use in a production environment. I'll dig some more about this piece of software, which I hadn't heard of before.
Now I'm going to test the failover feature of AS, that's based on ucarp.

hboeken
OpenVpn Newbie
Posts: 4
Joined: Mon Dec 12, 2016 12:26 pm

Re: Missing Piece in Failover Configuration

Post by hboeken » Wed Jan 04, 2017 2:03 pm

The current problem I'm facing after setting up the failover configuration is, that the standby openvpnas daemon can't be started.
On the master I see the following error message about every 45 seconds in the /var/log/openvpnas-node.log file:

Code: Select all

2017-01-04 14:57:51+0100 [-] PrepStandby error: failed to start standby openvpnas daemon on MYSECONDARYAS (1, '[err=127] out=[] err=[]')
I can't find any additional information on why this fails or what exactly fails, neither on the master nor on the standby.
Are there any further logs I can consult?

chockomonkey
OpenVpn Newbie
Posts: 4
Joined: Tue Mar 28, 2017 5:13 pm

Re: Missing Piece in Failover Configuration

Post by chockomonkey » Tue Jun 20, 2017 6:55 pm

Did you ever figure this out? My standby is getting the exact same error message

ssaunders
OpenVpn Newbie
Posts: 2
Joined: Sat Dec 09, 2017 5:53 am

Re: Missing Piece in Failover Configuration

Post by ssaunders » Sat Dec 09, 2017 6:11 am

Exactly the same error message for me, too. Failover seems to work, though.

Post Reply