High Availability OpenVPN Server Community Edition

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
sgtang
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 16, 2021 6:19 pm

High Availability OpenVPN Server Community Edition

Post by sgtang » Wed Jun 16, 2021 6:22 pm

Hi all, we have 3 separate OpenVPN servers for high availability, each responsible for a separate virtual address pool/subnet.
Our issue is that we use the VPN assigned addresses for a particular application to bind to, and this application requires static IP addresses that don't change. We can enforce static IP addresses on each server using ccd files, but since each server manages a separate virtual address pool/subnet, the addresses can't stay the same between the servers.

Is there a configuration we can use that would allow all three servers to serve addresses from the same subnet?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: High Availability OpenVPN Server Community Edition

Post by openvpn_inc » Tue Jun 29, 2021 4:06 pm

sgtang wrote:
Wed Jun 16, 2021 6:22 pm
Hi all, we have 3 separate OpenVPN servers for high availability, each responsible for a separate virtual address pool/subnet.
Sounds like the right way to do that.
sgtang wrote:
Wed Jun 16, 2021 6:22 pm
Our issue is that we use the VPN assigned addresses for a particular application to bind to, and this application requires static IP addresses that don't change. We can enforce static IP addresses on each server using ccd files, but since each server manages a separate virtual address pool/subnet, the addresses can't stay the same between the servers.

Is there a configuration we can use that would allow all three servers to serve addresses from the same subnet?
Yuck. I suppose this application is proprietary and you can't fix it to use DNS for names? If that's the case I suggest that you open a support ticket with the vendor. Hard-coded IP addresses should have gone away in the 1990s.

You can't really do this with openvpn; you could potentially try bridging, but that opens up a lot of other potential issues, and I would not recommend it.

Beyond that your only fix would be NAT, to direct the traffic where you need it to go. And I say again, yuck.

Sorry I could not help more; regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply