Hi,
On 15/03/21 05:05, Eric Schoeller wrote:
> Hello,
> I've been an OpenVPN user for about 15 years, but I am brand new to
> the mailing list.
> I am building a redundant monitoring system (naemon+merlin) and I
> would like to establish a means to connect three distributed
> monitoring machines over a common private encrypted network using
> OpenVPN. I am designing the system in a manner where any of the
> machines can be off-line but the 'service' remains fully functional.
> So, I wouldn't be able to define just one of the machines as the
> OpenVPN server, since if it goes down the other two lose connectivity
> to each other. And the intent of the system is to be fully
> isolated/stand-alone - so I really shouldn't introduce other systems
> into the mix.
> The way I've accomplished this in the past is as follows:
> Server A has clients B and C
> Server B has clients C (and A)
> (or something like that)
> This gets a little sloppy with the need to have multiple
> tunnels/networks on each machine, but it works and resolves the
> problem of having 'Server A' become unavailable - B and C can still
> communicate.
> Is there a better way to do this? Somehow having all three machines
> participate in the same network?
I'd say the short answer is "no, there's no better way of doing this".
If you need a redundant link then you will have to use two separate
setups. I've dealt with your "3 box redundant link" setup before and
always ended up using a dual VPN setup, pretty much like you're describing.
It is also my main reason for using static keys - as there are only 3
boxes involved there is no real need to use a client/server setup. As
an alternative you can use certificates in a non-client/server setup but
it's more of a hassle.
The main advantage of a redundant VPN setup is that you can do automatic
fail-over routing, something which is not possible in a client/server
setup: I'd use two routes from C, to both A and B, with B having a
higher metric. As long as host A is up, C will route via A but as soon
as it sees that host A is down, it automatically switches to routing via B.
HTH,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users