Backup/Fallback VPN

[hansaplast]

Hi,

I've set up a Lan-to-Lan (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side.

Both sides (server/client) need to know how to route packets. On the server side I therefore set "route 192.168.0.0 255.255.255.0" (client LAN) in the server config file. I also push "route 10.0.0.0 255.255.255.0" (server LAN) to the client. However, if the fallback gateway/firewall sets up a tunnel, routing via the primary gateway/firewall tunnel is broken. This shouldn't be a problem when using heartbeat and fencing the primary gateway in case of a (connection) problem. I'm not very familiar with fencing and heartbeat and I would appreciate some good links to assist me in setting this up.

I'm also wondering if it is possible to let both tunnels active and somehow let OpenVPN decide how to route packets back and forth the LANs. Something like:

Code: Select all

If a packet comes from tun1 then route 192.168.1.0/24 via tun1
If a packet comes from tun2 then route 192.168.1.0/24 via tun2

I don't know if this is possible. I surely have no clue where to start...

[maikcat]

hi there,

if you have 2 internet connections on both sides and you want
load balance + failover you can doit like zeroshell does it

create 2 vpn using tap interfaces and use bond module (under linux)
to bond them together...


another option if you have 2 internet connections,and 2 gateways on both ends
pfsense has a failover feature (CARP).

ps:heartbeat..fencing.. what do you have in mind? what hardware you intend to use?
how many servers? how many internet connections (static ips..?)?

cheers,

michael.