Hello,

OpenVPN will listen on all interfaces by default.

I have a working setup with two OpenVPN servers master-slave with ucarp and
it works very well.

ucarp allows you to run scripts when a host becomes MASTER or SLAVE, so in
addition to migrating the virtual IP address you can also perform other
tasks (sending mail, starting the openvpn daemons, etc.).

To keep the OpenVPN configuration in sync, DRBD is a bit of an overkill.
You could have a simple script that will run on both hosts and, if the host is
the MASTER at the moment, it will rsync the configuration to the SLAVE.
You could also look into lsyncd (https://code.google.com/p/lsyncd/).
You could try GlusterFS if you want - maybe a bit of an overkill like DRBD.

Regards,
Ilin

On 17 December 2013 14:49, Christiano Liberato <christianoliber...@gmail.com> wrote:
> Hi,
>
> I have two openvpn servers in cluster with heartbeat + drbd.
>
> server01 ip: 192.168.20.253
> server02 ip: 192.168.20.254
> heartbeat ip: 192.168.20.24
>
> I like working with high availability. My external connections arrive at
> the firewall on port 1194 udp and are redirected to 192.168.20.24, so if the
> first server goes down, the second takes over and my clients can connect to the
> vpn again.
>
> Then I'm in trouble: when I redirect to 192.168.20.253 or 192.168.20.254, I
> connect. When I redirect to 192.168.20.24, it does not connect and displays the
> following errors:
>
> root@tst01:~# tail -f /var/log/openvpn/openvpn.log
> Tue Dec 17 10:52:19 2013 us=548026 MULTI: multi_create_instance called
> Tue Dec 17 10:52:19 2013 us=548189 187.52.xx.xx:1194 Re-using SSL/TLS
> context
> Tue Dec 17 10:52:19 2013 us=548251 187.52.xx.xx:1194 LZO compression
> initialized
> Tue Dec 17 10:52:19 2013 us=548532 187.52.xx.xx:1194 Control Channel MTU
> parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Tue Dec 17 10:52:19 2013 us=548558 187.52.xx.xx:1194 Data Channel MTU
> parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Tue Dec 17 10:52:19 2013 us=548657 187.52.xx.xx:1194 Local Options String:
> 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher
> BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Tue Dec 17 10:52:19 2013 us=548682 187.52.xx.xx:1194 Expected Remote
> Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
> UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Tue Dec 17 10:52:19 2013 us=548737 187.52.xx.xx:1194 Local Options hash
> (VER=V4): '530fdded'
> Tue Dec 17 10:52:19 2013 us=548757 187.52.xx.xx:1194 Expected Remote
> Options hash (VER=V4): '41690919'
> Tue Dec 17 10:52:19 2013 us=548831 187.52.xx.xx:1194 UDPv4 READ [14] from
> [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0
> DATA len=0
> Tue Dec 17 10:52:19 2013 us=548872 187.52.xx.xx:1194 TLS: Initial packet
> from [AF_INET]187.52.xx.xx:1194, sid=51d4af94 061b712f
> Tue Dec 17 10:52:19 2013 us=548937 187.52.xx.xx:1194 UDPv4 WRITE [26] to
> [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ]
> pid=0 DATA len=0
> Tue Dec 17 10:52:21 2013 us=742407 187.52.xx.xx:1194 UDPv4 READ [14] from
> [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0
> DATA len=0
> Tue Dec 17 10:52:21 2013 us=742509 187.52.xx.xx:1194 UDPv4 WRITE [26] to
> [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ]
> pid=0 DATA len=0
> Tue Dec 17 10:52:25 2013 us=221336 187.52.xx.xx:1194 UDPv4 WRITE [14] to
> [AF_INET]187.52.xx.xx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0
> DATA len=0
>
>
> root@tst01:~# ifconfig
> eth0 Link encap:Ethernet Endereço de HW 00:0c:29:64:d0:f6
> inet end.: 192.168.20.253 Bcast:192.168.20.255
> Masc:255.255.255.0
> endereço inet6: fe80::20c:29ff:fe64:d0f6/64 Escopo:Link
> UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
> RX packets:17989 errors:0 dropped:0 overruns:0 frame:0
> TX packets:9894 errors:0 dropped:0 overruns:0 carrier:0
> colisões:0 txqueuelen:1000
> RX bytes:2774612 (2.6 MiB) TX bytes:3576338 (3.4 MiB)
>
> eth0:0 Link encap:Ethernet Endereço de HW 00:0c:29:64:d0:f6
> inet end.: 192.168.20.24 Bcast:192.168.20.255
> Masc:255.255.255.0
> UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
>
> lo Link encap:Loopback Local
> inet end.: 127.0.0.1 Masc:255.0.0.0
> endereço inet6: ::1/128 Escopo:Máquina
> UP LOOPBACKRUNNING MTU:16436 Métrica:1
> RX packets:13 errors:0 dropped:0 overruns:0 frame:0
> TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
> colisões:0 txqueuelen:0
> RX bytes:1144 (1.1 KiB) TX bytes:1144 (1.1 KiB)
>
> tun0 Link encap:Não Especificado Endereço de HW
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet end.: 10.2.100.1 P-a-P:10.2.100.2 Masc:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Métrica:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> colisões:0 txqueuelen:100
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> Does OpenVPN support connections to virtual interfaces?
>
> Thanks!
>
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>
--
G+ :: http://gplus.to/itatabitovski
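
The master-only sync described in the reply above, as an added example (not part of the original message and not the poster's own script). The virtual IP and peer address are taken from the thread; `/etc/openvpn`, the `root` ssh login and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: run from cron on BOTH nodes; only the node that currently
# holds the ucarp/heartbeat virtual IP pushes its OpenVPN config to the peer.
VIP="192.168.20.24"       # virtual IP from the thread
PEER="192.168.20.254"     # the other node; set to 192.168.20.253 on server02
CONF_DIR="/etc/openvpn"   # assumed config location (holds private keys)

# has_vip ADDR_OUTPUT VIP
# Succeeds only if VIP is assigned locally, judged from the output of
# `ip -o -4 addr show`. Matching " inet VIP/" as a fixed string keeps
# 192.168.20.24 from also matching 192.168.20.240 or 192.168.20.254.
has_vip() {
    printf '%s\n' "$1" | grep -Fq " inet $2/"
}

# decide ADDR_OUTPUT
# Prints "sync" on the current MASTER (VIP present), "skip" otherwise.
decide() {
    if has_vip "$1" "$VIP"; then
        echo sync
    else
        echo skip
    fi
}

# Nothing is copied unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    if [ "$(decide "$(ip -o -4 addr show)")" = "sync" ]; then
        # -a preserves owner and mode, so key files stay 0600 on the peer;
        # --delete removes files that were deleted on the master;
        # the copy travels over ssh, never over plain rsync://.
        rsync -a --delete -e ssh "$CONF_DIR/" "root@$PEER:$CONF_DIR/"
    fi
fi
```

Because the decision is made from the VIP alone, a node that loses the address stops pushing on its next run without any extra state file.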