I'm fiddling around with a redundant VPN-solution. The setup is rather
simple at the moment but will grow more complex over time. Since I've
been having problems even setting up a basic IPSec tunnel (weird timeouts
with random intervals on all connections), I went with an openvpn
solution instead due to running out of time for the project.

The setup looks like this:
{ site1.fw1 site1.fw2 } -> NOC.fw

site1.fw1 <- CARP -> site1.fw2 but via NOC.fw which is the openvpn
server.

All traffic from NOC to site1 routes through the VPN via the CARP
ip address.


But(!) the problem is that the CARP interfaces won't sync with each
other over the VPN; I don't see any traffic running through the tun0
interface at all. Yes, it's a link0 tun interface; yes, I'm running
openvpn in layer 2 (tap) mode. Yes, carp will sync over the normal
network with the same setup it has as in the VPN (different vhid,
of course). Any clue why it isn't working?

PS: I'm not subscribed to the list.

-- 
Jonathan Beckman
Network Operator
Spotify
