I'm in the process of evaluating OpenVPN AS.
I've setup a working configuration with LDAP and the two concurrent connections that can be used during evaluation. Everything works perfectly.
Now I would like to go the extra step and setup failover.
So I installed a second AS as secondary one and configured the failover settings in the admin web ui of the main AS.
The validation of my settings did succeed, it says GOOD for all four categories, so I commited the configuration.
I have reserved that spare IP, and I configured it in the failover settings.
But I don't know how it's going to be used.
The main AS still has its IP and the secondary AS has its IP.
I can only connect to the AS web interface by using the main AS' IP.
So which piece am I still missing in my setup. I think I read all bits of documentation that were available on this setup and couldn't figure it out myself so far.
Missing Piece in Failover Configuration
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Dec 12, 2016 12:26 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Dec 12, 2016 12:26 pm
Re: Missing Piece in Failover Configuration
ucarp is working now. I was under the impression that ucarp would be handled as part of the failover configuration, but it has to be setup in addition to AS. I did this now, encountered several known, well documented problems with also documented workarounds, as there are no official bug fixes for it and now ucarp is working. Given the problems with getting it working (I had e.g. to fix a syntax error in the /usr/libexec/ucarp/ucarp script), I'm not sure this is something I want to use in a production environment. I'll dig some more about this piece of software, which I hadn't heard of before.
Now I'm going to test the failover feature of AS, that's based on ucarp.
Now I'm going to test the failover feature of AS, that's based on ucarp.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Dec 12, 2016 12:26 pm
Re: Missing Piece in Failover Configuration
The current problem I'm facing after setting up the failover configuration is, that the standby openvpnas daemon can't be started.
On the master I see the following error message about every 45 seconds in the /var/log/openvpnas-node.log file:
I can't find any additional information on why this fails or what exactly fails, neither on the master nor on the standby.
Are there any further logs I can consult?
On the master I see the following error message about every 45 seconds in the /var/log/openvpnas-node.log file:
Code: Select all
2017-01-04 14:57:51+0100 [-] PrepStandby error: failed to start standby openvpnas daemon on MYSECONDARYAS (1, '[err=127] out=[] err=[]')
Are there any further logs I can consult?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Mar 28, 2017 5:13 pm
Re: Missing Piece in Failover Configuration
Did you ever figure this out? My standby is getting the exact same error message
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Dec 09, 2017 5:53 am
Re: Missing Piece in Failover Configuration
Exactly the same error message for me, too. Failover seems to work, though.