So I have an OpenVPN server (10.0.0.1), and several OpenVPN clients connecting to it. The server authenticates via certificates and keys generated by easy-rsa, and hands out a unique IP (10.0.x.1) and some basic routes via ccd/ files. Works great!
But I'd like to have another spare OpenVPN server (e.g. 10.0.254.1) somewhere else, and have the clients connect to that server in case the main server goes down. This is very easy by just specifying multiple servers in the client's config file.
However:
- Is it really OK to simply copy or rsync the main server's certificates and keys to the backup server? It works, but feels very hack-ish.
- I would like the main and the backup server to be connected to each other by an OpenVPN link, too.
Here's the tricky bit: I would like clients that are connected to the main server to be able to talk to clients that are connected to the backup server. I.e. if, for some reason, the client 10.0.1.1 is connected to the primary server 10.0.0.1, and the client 10.0.9.1 is connected to the backup server 10.0.254.1 (even though it should usually be connected to 10.0.0.1), how can the main and the backup server figure out the routing dynamically?
If I, for example, have the two servers connected via a separate OpenVPN instance, is there a clean way for the backup server to let the main server know "hey! 10.0.9.1 just connected to me, so you should route anything for that IP through me!" - and to have all that routing fix itself once the clients decide to connect to the main server again?
0 Answers
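One building block for the dynamic-routing part of the question is OpenVPN's `learn-address` hook: the server runs the configured script with `add`, `update` or `delete`, the client's VPN address and (for add/update) its certificate common name whenever a client address is learned or dropped. The script below is an added example, not from the original post or from the OpenVPN project. It keeps a per-server state file of the clients currently attached and renders the `/32` host routes the *other* server would need to install over the server-to-server tunnel. The state-file path, the tunnel address `THIS_SERVER_TUN_IP` (10.255.0.2 is a constructed value) and the fact that the rendered commands still have to be shipped to the peer over some channel of your own (e.g. over the inter-server tunnel) are all assumptions; on `delete` the entry is dropped, so once a client moves back to the main server the stale route disappears from the rendered set.

```shell
#!/bin/sh
# Added example (hypothetical): an OpenVPN learn-address hook that tracks
# which clients are attached to this server and renders the host routes a
# peer server should install over the inter-server tunnel.
#
# Install in the server config as:   learn-address /usr/local/sbin/track-clients.sh
# OpenVPN invokes it as:             script add|update|delete <address> [common_name]
#
# STATE_FILE and THIS_SERVER_TUN_IP are assumptions for this example.
STATE_FILE="${STATE_FILE:-/var/run/openvpn/attached-clients.txt}"
THIS_SERVER_TUN_IP="${THIS_SERVER_TUN_IP:-10.255.0.2}"   # constructed: our IP on the server-to-server tunnel

# Record or forget one client address. Returns non-zero on an unknown
# operation, which makes OpenVPN reject the address on add/update.
on_learn_address() {
  op="$1"; addr="$2"; cn="${3:-}"
  [ -n "$addr" ] || return 1
  [ -f "$STATE_FILE" ] || : > "$STATE_FILE"
  tmp="$STATE_FILE.tmp"
  # drop any existing line for this address (awk exits 0 even with no output)
  awk -v a="$addr" '$1 != a' "$STATE_FILE" > "$tmp"
  case "$op" in
    add|update) printf '%s %s\n' "$addr" "$cn" >> "$tmp" ;;
    delete)     ;;
    *)          rm -f "$tmp"; return 1 ;;
  esac
  mv "$tmp" "$STATE_FILE"
}

# Emit the commands the peer server would run so that traffic for clients
# attached here is sent to us via the inter-server tunnel.
render_peer_routes() {
  [ -f "$STATE_FILE" ] || return 0
  while read -r addr cn; do
    [ -n "$addr" ] || continue
    printf 'ip route replace %s/32 via %s\n' "$addr" "$THIS_SERVER_TUN_IP"
  done < "$STATE_FILE"
}

# Number of clients currently recorded as attached to this server.
count_clients() {
  if [ -f "$STATE_FILE" ]; then wc -l < "$STATE_FILE" | tr -d ' '; else echo 0; fi
}

# When run by OpenVPN, dispatch on the arguments it passes.
[ $# -eq 0 ] || on_learn_address "$@"
```

Running `render_peer_routes` after each hook invocation and delivering its output to the peer (and having the peer apply the inverse when the client reconnects to the main server) gives the "10.0.9.1 just connected to me, route it through me" behaviour the question asks for; a routing daemon over the inter-server tunnel would be the more robust way to propagate the same `/32`s.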