I may have a need to design a load balancer / demultiplexer that can route
in-bound OpenVPN client connections to a specific server based on the
client's certificate.

If this is possible, the setup would be a LB of sorts in front of a farm of
OpenVPN servers. This LB would look at the CN in the certificate of the
inbound connection (UDP or TCP) and set up a route to the proper OpenVPN
server based on which server that client is associated with.

Is it possible to read the CN of a client without completing the entire
connection? I figure I can set up an OpenVPN server as the router and, via
connection scripts, read the CN of connecting clients and build routing
rules that way, but that would require the client to connect to the OpenVPN
instance running on the 'router' before its traffic starts getting routed
to the correct server, at which point it will have to re-establish the
connection to the new server. Is there a more elegant solution?

I know it's an unusual ask and I'm not expecting there to be a simple
answer, but if possible, this could simplify other parts of the project.

Thanks for any insight!
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users