Christiano...
I assume your reference to heartbeat is actually the floating VIP
that is the fail-over IP between the cluster nodes.
And your firewalls allow UDP access to only the .20.24.
Have you told your OpenVPN instance ( you didn't post your config file
;-) ) to bind specifically to the 20.24 via the "local" directive?
As well, as far as .253/254 goes, OpenVPN and your firewall's
Port-Forwards/NAT whatever don't need to know or do anything with these.
They are physical addresses for the systems only. As far as any OpenVPN
bits go the 20.24 VIP is all that matters.
You might also want to have OpenVPN start/stop in your cluster failover
scripts.
I have HA running very well with simple UCARP and rsync sync'ed
openvpn's --- didn't bother with drbd in my case not enough config
changes to bother.
Hope this helps.
Colin Ryan
On 12/17/2013, 8:49 AM, Christiano Liberato wrote:
Hi,
I have two openvpn servers in cluster with heartbeat + drbd.
server01 ip: 192.168.20.253
server02 ip: 192.168.20.254
heartbeat ip: 192.168.20.24
I like working with high availability, my external connections arrive
at the firewall on port 1194 udp and are redirected to 192.168.20.24,
so if the first server goes down, the second takes over and my clients can
connect to the vpn again.
Then I'm in trouble: when I redirect to 192.168.20.253 or 192.168.20.254,
I connect. When I redirect to 192.168.20.24, it does not connect and displays
the following errors:
root@tst01:~# tail -f /var/log/openvpn/openvpn.log
Tue Dec 17 10:52:19 2013 us=548026 MULTI: multi_create_instance called
Tue Dec 17 10:52:19 2013 us=548189 187.52.xx.xx:1194 Re-using SSL/TLS
context
Tue Dec 17 10:52:19 2013 us=548251 187.52.xx.xx:1194 LZO compression
initialized
Tue Dec 17 10:52:19 2013 us=548532 187.52.xx.xx:1194 Control Channel
MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 17 10:52:19 2013 us=548558 187.52.xx.xx:1194 Data Channel MTU
parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 17 10:52:19 2013 us=548657 187.52.xx.xx:1194 Local Options
String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Tue Dec 17 10:52:19 2013 us=548682 187.52.xx.xx:1194 Expected Remote
Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-client'
Tue Dec 17 10:52:19 2013 us=548737 187.52.xx.xx:1194 Local Options
hash (VER=V4): '530fdded'
Tue Dec 17 10:52:19 2013 us=548757 187.52.xx.xx:1194 Expected Remote
Options hash (VER=V4): '41690919'
Tue Dec 17 10:52:19 2013 us=548831 187.52.xx.xx:1194 UDPv4 READ [14]
from [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0
[ ] pid=0 DATA len=0
Tue Dec 17 10:52:19 2013 us=548872 187.52.xx.xx:1194 TLS: Initial
packet from [AF_INET]187.52.xx.xx:1194, sid=51d4af94 061b712f
Tue Dec 17 10:52:19 2013 us=548937 187.52.xx.xx:1194 UDPv4 WRITE [26]
to [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [
0 ] pid=0 DATA len=0
Tue Dec 17 10:52:21 2013 us=742407 187.52.xx.xx:1194 UDPv4 READ [14]
from [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0
[ ] pid=0 DATA len=0
Tue Dec 17 10:52:21 2013 us=742509 187.52.xx.xx:1194 UDPv4 WRITE [26]
to [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [
0 ] pid=0 DATA len=0
Tue Dec 17 10:52:25 2013 us=221336 187.52.xx.xx:1194 UDPv4 WRITE [14]
to [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [
] pid=0 DATA len=0
root@tst01:~# ifconfig
eth0 Link encap:Ethernet Endereço de HW 00:0c:29:64:d0:f6
inet end.: 192.168.20.253 Bcast:192.168.20.255
Masc:255.255.255.0
endereço inet6: fe80::20c:29ff:fe64:d0f6/64 Escopo:Link
UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
RX packets:17989 errors:0 dropped:0 overruns:0 frame:0
TX packets:9894 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:1000
RX bytes:2774612 (2.6 MiB) TX bytes:3576338 (3.4 MiB)
eth0:0 Link encap:Ethernet Endereço de HW 00:0c:29:64:d0:f6
inet end.: 192.168.20.24 Bcast:192.168.20.255
Masc:255.255.255.0
UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACKRUNNING MTU:16436 Métrica:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:0
RX bytes:1144 (1.1 KiB) TX bytes:1144 (1.1 KiB)
tun0 Link encap:Não Especificado Endereço de HW
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet end.: 10.2.100.1 P-a-P:10.2.100.2 Masc:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Métrica:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Does OpenVPN support connections to virtual interfaces?
Thanks!
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
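
Added example, not part of the original thread: a small detector for the symptom in the posted log, where a peer keeps sending P_CONTROL_HARD_RESET_CLIENT_V2 and the server keeps replying but nothing else is ever read from that peer. It only flags the stall (the condition the "local" suggestion above is meant to address) and does not prove the cause; the sample log is constructed, uses documentation addresses, and assumes one log entry per line rather than the wrapped form shown in the mail.

```python
import re
from collections import defaultdict

# Packet-trace lines as OpenVPN logs them at high verbosity (one entry per line).
PKT = re.compile(
    r"UDPv4 (?P<dir>READ|WRITE) \[\d+\] (?:from|to) "
    r"\[AF_INET\](?P<peer>[\d.]+:\d+): (?P<op>P_[A-Z0-9_]+)"
)

def find_stalled_handshakes(log_text, min_resets=2):
    """Return {peer: client_reset_count} for peers that keep restarting the
    handshake even though the server sent replies."""
    stats = defaultdict(lambda: {"client": 0, "server": 0, "progress": False})
    for line in log_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        s = stats[m["peer"]]
        if m["dir"] == "READ" and m["op"].startswith("P_CONTROL_HARD_RESET_CLIENT"):
            s["client"] += 1
        elif m["dir"] == "WRITE" and m["op"].startswith("P_CONTROL_HARD_RESET_SERVER"):
            s["server"] += 1
        elif m["dir"] == "READ":
            # P_ACK_V1, P_CONTROL_V1, ...: the peer received our reply.
            s["progress"] = True
    return {
        peer: s["client"]
        for peer, s in stats.items()
        if s["client"] >= min_resets and s["server"] > 0 and not s["progress"]
    }

# Constructed sample modelled on the posted log: 203.0.113.7 stalls,
# 198.51.100.9 retransmits once and then completes the exchange.
SAMPLE_LOG = """\
Tue Dec 17 10:52:19 2013 us=548831 203.0.113.7:1194 UDPv4 READ [14] from [AF_INET]203.0.113.7:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 17 10:52:19 2013 us=548937 203.0.113.7:1194 UDPv4 WRITE [26] to [AF_INET]203.0.113.7:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 17 10:52:21 2013 us=742407 203.0.113.7:1194 UDPv4 READ [14] from [AF_INET]203.0.113.7:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 17 10:52:21 2013 us=742509 203.0.113.7:1194 UDPv4 WRITE [26] to [AF_INET]203.0.113.7:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 17 10:53:02 2013 us=100000 198.51.100.9:1194 UDPv4 READ [14] from [AF_INET]198.51.100.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 17 10:53:02 2013 us=100200 198.51.100.9:1194 UDPv4 WRITE [26] to [AF_INET]198.51.100.9:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 17 10:53:04 2013 us=100400 198.51.100.9:1194 UDPv4 READ [14] from [AF_INET]198.51.100.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 17 10:53:04 2013 us=100600 198.51.100.9:1194 UDPv4 WRITE [26] to [AF_INET]198.51.100.9:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 17 10:53:04 2013 us=150000 198.51.100.9:1194 UDPv4 READ [22] from [AF_INET]198.51.100.9:1194: P_ACK_V1 kid=0 [ 0 ]
Tue Dec 17 10:53:04 2013 us=150300 198.51.100.9:1194 UDPv4 READ [114] from [AF_INET]198.51.100.9:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
"""

if __name__ == "__main__":
    for peer, resets in find_stalled_handshakes(SAMPLE_LOG).items():
        print(f"{peer}: {resets} client resets, server replies never acknowledged")
```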