Hi all, we have 3 separate OpenVPN servers for high availability, each responsible for a separate virtual address pool/subnet.
Our issue is that we use the VPN assigned addresses for a particular application to bind to, and this application requires static IP addresses that don't change. We can enforce static IP addresses on each server using ccd files, but since each server manages a separate virtual address pool/subnet, the addresses can't stay the same between the servers.
Is there a configuration we can use that would allow all three servers to serve addresses from the same subnet?
High Availability OpenVPN Server Community Edition
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Jun 16, 2021 6:19 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: High Availability OpenVPN Server Community Edition
Sounds like the right way to do that.
Yuck. I suppose this application is proprietary and you can't fix it to use DNS for names? If that's the case I suggest that you open a support ticket with the vendor. Hard-coded IP addresses should have gone away in the 1990s.sgtang wrote: ↑Wed Jun 16, 2021 6:22 pmOur issue is that we use the VPN assigned addresses for a particular application to bind to, and this application requires static IP addresses that don't change. We can enforce static IP addresses on each server using ccd files, but since each server manages a separate virtual address pool/subnet, the addresses can't stay the same between the servers.
Is there a configuration we can use that would allow all three servers to serve addresses from the same subnet?
You can't really do this with openvpn; you could potentially try bridging, but that opens up a lot of other potential issues, and I would not recommend it.
Beyond that your only fix would be NAT, to direct the traffic where you need it to go. And I say again, yuck.
Sorry I could not help more; regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support