Unless I'm reading your original post wrong this is your issue. > local 192.168.20.253
When you have a cluster (active-passive) - as I believe you are trying to do - each hardware node, has as you outlined, a real physical address and then there is a floating IP ( or what I call VIP ) that the clustering tools manage. The VIP is active on whichever node is the active node at that point in time. So for example under normal circumstances your "primary" node will have it's physical address eth:0 in your example and the VIP (eth0:1 in your example) address active on it. i.e. the eth0:1 .24 address is active only ever on 1 node or the other at any point in time. When the cluster fails over the secondary node is given the VIP address. As such your inbound firewalling/port forwarding and the local directive of your OpenVPN instance should be explicitly bound to the VIP NOT the physical addresses of either of your cluster nodes. The local 192.168.20.253 binds that instance to the physical address not the VIP (eth0:1) Now if you are trying to do active-active there is a different thought process that needs to be done in that case - and is not something that makes a lot of sense for something like VPN services (usually) Any help or am I missing the point of your original question. On 12/17/2013, 12:20 PM, Christiano Liberato wrote: > local 192.168.20.253 ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
