Reduce Failover Time

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
birdiec
OpenVpn Newbie
Posts: 1
Joined: Tue May 10, 2022 7:46 pm

Reduce Failover Time

Post by birdiec » Tue May 10, 2022 7:57 pm

Hello,
I would like to set up Failover with two nodes. Ideally, users would not notice the difference if one of the VPN services went down (~5 seconds to full reconnect to a new server). What is the minimum failover time that can be realistically reached without causing clients to disconnect/reconnect repeatedly?

Currently, I have set up two Active nodes. They are identical other than the VPN subnet. The two servers are listed in the client profile. With the (simplified) configuration below, if I stop openvpn@server.service on the node the test client is connected to, it takes a total of about 20-30 seconds to connect fully to the other node. I have followed the guide:
https://openvpn.net/community-resources ... iguration/

Can this be improved with a Load Balancer and/or the Active/Passive configuration such as here:
https://openvpn.net/vpn-server-resource ... over-mode/
If so, does this require OpenVPN Access to implement? Also, with the settings below, would the timeout values in place be too short to allow reliable connections?

client config

client
proto udp
remote <IP 1> <port>
remote <IP 2> <port>
remote-random
connect-retry 1
connect-retry-max 1
connect-timeout 1
resolv-retry infinite
dev tun

nobind
persist-key
;persist-tun



server config

server
ifconfig-pool-persist ipp.txt
server <SUBNET> <NETMASK>
keepalive 2 4
reneg-sec 600
persist-key
persist-tun

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Reduce Failover Time

Post by TinCanTech » Fri May 13, 2022 8:36 pm

With --proto udp, you will see some weird behavior

Post Reply