Page 1 of 1

OpenVPN Access Server Failover Vagrant Setup

Posted: Mon Jan 14, 2019 8:54 pm
by charleswang007
Hello,

I would like to demo HA Failover of two OpenVPN Access Server instances using Vagrant VMs.
I am following instructions at https://openvpn.net/vpn-server-resource ... over-mode/
Below is my Vagrantfile and after the 2 VMs are up, I installed OpenVPN AS and set up bi-directional SSH access.

# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrant multi-machine setup
Vagrant.configure("2") do |config|
config.vm.define "vpn1" do |vpn1_config|
vpn1_config.vm.box = "ubuntu/trusty64"
vpn1_config.vm.host_name = "vpn1"
vpn1_config.vm.network :private_network, ip: "10.0.0.10"
vpn1_config.vm.network "forwarded_port", guest: 80, host: 8080
vpn1_config.vm.network "forwarded_port", guest: 943, host: 1943
end
config.vm.define "vpn2" do |vpn2_config|
vpn2_config.vm.box = "ubuntu/trusty64"
vpn2_config.vm.host_name = "vpn2"
vpn2_config.vm.network :private_network, ip: "10.0.0.11"
end
config.vm.provision "shell", inline: <<-SHELL
sudo apt-get update
sudo apt-get install rsync
SHELL
end

eth0 (10.0.2.15) is the Shared Virtual IP and each node gets their private IP (eth1): 10.0.0.10 (Primary) & 10.0.0.11 (Secondary).
I believe I completed all steps mentioned in the instruction, including running "sudo ovpn-init --secondary" to make the secondary node as failover system.
I clicked "Validate" on Failover page and it succeeded.
But after "Commit and Restart", the failover doesn't seem to work.
Broadcast UCARP/VRRP traffic is not seen on the secondary node (from "sudo tcpdump -eni any vrrp") and When openvpnas service is stopped on primary node, the openvpnas service on secondary node does not start (from "ps -aux | grep openvpn")

I even tried disabling firewall on both nodes ("sudo ufw diable") but it didn't help.

Can someone explain what might be wrong with my setup? Do I need additional settings to allow VRRP traffic? I'm kinda lost.

Image
Image

Thanks!