Imbedding Multiple Certificates

Posted: Mon Jul 04, 2022 2:49 pm
by buchbri
I have 2 locations with VPN set up. They are interconnected via redundant connections.

I have OpenVPN installed on the client side.

What I would like to do is have the users connect to the primary location and if that is down then try the secondary connection.

Because the Certificates are different I need to be able to select the certificate based on the location.

To further complicate this I have the certs imbedded so that there is a single file to send with all the config information.

Is this doable in a single config file?

Re: Imbedding Multiple Certificates

Posted: Wed Jul 06, 2022 3:30 pm
by openvpn_inc
Hi buchbri,

You can't load configurations for multiple servers into one connection profile.

What you can do is run for example OpenVPN Access Server in cluster mode. The same configuration profile with same certificates will then be accepted by multiple servers, so that if one goes down, it can reconnect to any of the others.

You could also approach the problem on a higher level. Have 2 servers, 2 connection profiles, and set up a simple script that tells OpenVPN to connect to the first server with the first connection profile. And if that fails for some reason, tell it to use the second server with the second connection profile instead.

But in any case, trying to load 2 sets of certificates into 1 connection profile is not a supported use case.

Kind regards,
Johan

Re: Imbedding Multiple Certificates

Posted: Thu Jul 07, 2022 5:39 pm
by openvpn_inc
Hi,

Another possibility is to have the same TLS CA for both servers, so that the single client certificate will work in both places. Then multiple --remote lines in the same profile could point to different servers. (Note if you're using --auth-user-pass or any other kind of secondary authentication, both servers would need to have an entry for that user.)

This is in effect the same thing that using an Access Server cluster would do, but there, a single hostname would resolve to multiple nodes.

regards, rob0
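The shared-CA approach described above, as an added example that is not part of the thread or of OpenVPN's own documentation. It assumes a single CA has signed both servers' certificates and the one client certificate; the hostnames and the certificate blocks are placeholders.

```conf
# Single client profile valid at both sites (example, hostnames assumed)
client
dev tun
proto udp

# Remotes are tried in the order listed: primary site first,
# then the secondary site if the primary cannot be reached.
remote vpn-primary.example.com 1194
remote vpn-secondary.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun

# Because both servers and the client share one CA, require the
# server's certificate to carry the server EKU so that a leaked
# client certificate cannot be used to impersonate either site.
remote-cert-tls server
verb 3

# Inline material so the profile stays a single file; placeholders only.
<ca>
-----BEGIN CERTIFICATE-----
(shared CA certificate, PEM)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(client certificate signed by the shared CA, PEM)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(client private key, PEM)
-----END PRIVATE KEY-----
</key>
```

As the reply notes, if --auth-user-pass or another secondary authentication is enabled, the same user must exist on both servers for the fallback to succeed.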