I read that Openvpn is a peer to peer application. The so called client server roles are only for the TLS negotiations and setting up the TLS channel. That's why my main focus was on TLS handshake. I need that roaming at the server end. The single client multi server (1 server at a time) kind of an implementation. On Feb 20, 2016 2:33 PM, "Steffan Karger" <stef...@karger.me> wrote:
> > On 20 Feb 2016 9:19 am, "Gert Doering" <g...@greenie.muc.de> wrote: > > On Sat, Feb 20, 2016 at 11:40:28AM +0530, Shubham Chauhan wrote: > > > the --float option seems to be interesting! > > > > > > Help me understand one scenario. > > > If I want to transfer a VPN session from one VPN server to another, > keeping > > > the same openvpn process running at the client side, then will the > > > "--float" option help? If not float, then is there any other method? > > > > Floating in TLS client/server mode will only cover clients that move > > to a new IP address (NAT timeout, wifi/3G roaming, ...) > > > > Roaming to a new server needs a full TLS handshake. > > Not just the TLS handshake, but also the OpenVPN handshake to set up IPs, > routing, etc. OpenVPN does not support any of that currently, afaik. > > I think the TLS handshake is the least of your worries. Making roaming > between servers work at all is the hard part. > > -Steffan >
