I would like to set up Failover with two nodes. Ideally, users would not notice the difference if one of the VPN services went down (~5 seconds to full reconnect to a new server). What is the minimum failover time that can be realistically reached without causing clients to disconnect/reconnect repeatedly?
Currently, I have set up two Active nodes. They are identical other than the VPN subnet. The two servers are listed in the client profile. With the (simplified) configuration below, if I stop openvpn@server.service on the node the test client is connected to, it takes a total of about 20-30 seconds to connect fully to the other node. I have followed the guide:
https://openvpn.net/community-resources ... iguration/
Can this be improved with a Load Balancer and/or the Active/Passive configuration such as here:
https://openvpn.net/vpn-server-resource ... over-mode/
If so, does this require OpenVPN Access to implement? Also, with the settings below, would the timeout values in place be too short to allow reliable connections?
client config:

client
proto udp
remote <IP 1> <port>
remote <IP 2> <port>
remote-random                # start with a randomly chosen remote (load balancing)
connect-retry 1              # wait 1 s between connection attempts
connect-retry-max 1          # try each remote entry once, then give up (the client exits)
connect-timeout 1            # give a remote 1 s to answer before moving to the next one
resolv-retry infinite
dev tun
nobind
persist-key
;persist-tun                 # commented out: the tun device is closed and reopened on every restart

server config:

ifconfig-pool-persist ipp.txt
server <SUBNET> <NETMASK>
keepalive 2 4                # ping every 2 s; pushes ping-restart 4 to clients, server itself uses 8
reneg-sec 600                # renegotiate the data-channel key every 600 s
persist-key
persist-tun
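An added example, not from the post or from OpenVPN itself: a small estimator that parses the two configs above and works out the client-side failover window their directives imply, using the documented keepalive expansion (the server pushes ping-restart t to clients and keeps 2*t for itself). It assumes a connect-retry pause before every attempt and leaves TLS handshake and route setup time out of the model.

```python
# Added example (not from the post or OpenVPN): estimate the client failover window
# the posted directives imply. Assumption: TLS handshake time is not modelled.

# Constructed subsets of the posted configs; 192.0.2.x / 10.8.0.0 are placeholders.
CLIENT_CONF = """
client
remote 192.0.2.10 1194
remote 192.0.2.20 1194
remote-random
connect-retry 1
connect-retry-max 1
connect-timeout 1
;persist-tun
"""
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
keepalive 2 4
persist-tun
"""

def parse_conf(text):
    """Parse OpenVPN directives into {name: [args, ...]}; ';' and '#' start comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def expand_keepalive(server):
    """'keepalive i t' on a server: ping-restart 2*t locally, and it pushes
    ping-restart t to clients, so the client notices a dead link first."""
    interval, timeout = (int(x) for x in server["keepalive"][0])
    return {"ping": interval, "client_ping_restart": timeout, "server_ping_restart": 2 * timeout}

def failover_window(client_text, server_text, dead_remotes=1):
    """Seconds from a dead node's last packet until the client is trying a live one."""
    client, server = parse_conf(client_text), parse_conf(server_text)
    ka = expand_keepalive(server)
    connect_timeout = int(client["connect-timeout"][0][0])
    pause = int(client["connect-retry"][0][0])            # pause before each new attempt
    retry_max = int(client.get("connect-retry-max", [["0"]])[0][0])  # 0 = unlimited
    # best: remote-random picks a live node first; worst: each dead node costs one connect-timeout plus a pause
    best = ka["client_ping_restart"] + pause
    worst = best + dead_remotes * (connect_timeout + pause)
    return {"detect_s": ka["client_ping_restart"], "best_case_s": best, "worst_case_s": worst,
            "server_drops_client_after_s": ka["server_ping_restart"],
            "attempts_before_exit": retry_max * len(client["remote"]) if retry_max else None,
            "tun_reopened_on_restart": "persist-tun" not in client}
```

Under this model the posted values give a 4 s detection window and 5 to 7 s before the live node is being contacted, with only two attempts before the client process exits; whatever remains of the observed 20-30 s lies outside what the model covers.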