Hi,

On Wed, Aug 12, 2015 at 12:09:47PM +0200, Arne Schwabe wrote:
> Yes but changing AAAA/A of opnvpn.company.com or IN SRV of
> openvpn.company.com is not such a big difference.

This was my thought as well, but SRV does have merits - especially the
priority thing is something you can't properly do with "traditional"
DNS entries (if you have multiple A/AAAA records, you just get load
sharing).

It's not a killer feature, as "most of it" could be achieved by having

  remote openvpn-pri1.company.com
  remote openvpn-pri2.company.com
  remote openvpn-pri3.company.com

in your configs, and DNS/GeoDNS can steer this to the proper hosts - but
SRV makes it more convenient to the user (and much work for the
implementor... :) )

So - I wouldn't *implement* this myself, but if it were there, I'd
probably *use* it.

Example: I have rolled out quite a number of .ovpn client profiles that
prefer TCP before UDP today. Given the nice new tls-float feature, I'd
actually love to have them try UDP first... without rolling out new
.ovpns...

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
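
The priority behaviour discussed in the message above, as an added example that is not part of the original mail and not OpenVPN code: it orders a set of SRV records the way RFC 2782 prescribes (strict priority, weighted choice within one priority) and renders the result as `remote` lines. The `_openvpn._udp` service name, the `pri1b` host, and all priorities, weights and ports are assumptions constructed for the illustration.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample answer for a hypothetical _openvpn._udp.company.com query.
# Hostnames pri1..pri3 come from the message; "pri1b", the priorities, weights
# and ports are assumptions made for this illustration.
SAMPLE = [
    SRV(20, 0, 1194, "openvpn-pri2.company.com"),
    SRV(10, 60, 1194, "openvpn-pri1.company.com"),
    SRV(30, 0, 443, "openvpn-pri3.company.com"),
    SRV(10, 40, 1194, "openvpn-pri1b.company.com"),
]


def srv_order(records, rng=None):
    """Return records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    ordered = []
    # Lower priority value is tried first; higher values are pure fallback.
    for prio in sorted({r.priority for r in records}):
        # Weight-0 entries go first so they are rarely picked ahead of others.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def remote_lines(records, proto, rng=None):
    """Render the ordered targets as OpenVPN 'remote host port proto' lines."""
    return [f"remote {r.target} {r.port} {proto}"
            for r in srv_order(records, rng)]


if __name__ == "__main__":
    print("\n".join(remote_lines(SAMPLE, "udp")))
```

Unlike several A/AAAA records behind one name, the priority tiers here never mix: only the order inside the priority-10 tier varies between runs.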