We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
550 views 8 comments
by anonymous
Hello,

Is it possible to use VRRP and have OpenVPN Server installed on both routers as a fail-over cluster?
In my previous project, I have been using VRRP for over a year and a half on two RUT955 and it worked perfectly.

Now I would like to create a cluster (RUT955) and install OpenVPN Server to provide remote access to the network.
Has anyone tested such a configuration?

Best regards,
Grzegorz

1 Answer

0 votes
by anonymous
Hello,

Could you elaborate a little bit more on your question? I understand that you use VRRP for redundancy purposes to keep devices connected to the network if the main router disconnects. Do you want the OpenVPN server to act as redundancy as well (to reach devices connected to the server in case it goes down)?

Regards.
by anonymous
Hello,

I have two routers (RUT955) in two different locations so they use two different BTS.
They work in VRRP to provide access to the same network to reduce operator's infrastructure failure.

I would like to configure an OpenVPN server on these routers to have remote access to their LAN.
For a single router that is no problem:
1. OpenVPN server
2. masquerade
3. push traffic from VPN to LAN

But will the same scheme work if these routers have the same certificate, key and other authentication files required to set up the OpenVPN server? I need it to be transparent for the end user (OpenVPN client).

I cannot test it this week so I decided to ask here on the community forum.

Best regards,
Grzegorz
by anonymous
I am sure that it is possible to configure it like that, but I would like to know what device the client is. Can it hold two client interfaces at the same time?
by anonymous
The end user is on Windows with an OpenVPN client and I want to use only one interface.
My goal is to use one client that is connected to the currently active/main router in the VRRP configuration (the router that is currently the default gateway according to the VRRP specification).

I want to provide access for the Windows user, no matter which of the cluster's routers is currently active (used as main).
by anonymous

OK, I analysed my post and did not post the most important information: a DynDNS client configured in the LAN.

My network looks like below.
I have a server in the network that is a DynDNS client. If one of the routers fails, the other is used as the IP for my dynamic domain.
The end user will be connecting to the VPN by a dynamic domain that points to the currently active WAN IP.

The end user does not know which WAN IP is currently in use. He gets only the domain to connect to - that solution works perfectly now.
No matter which router is active, I want to provide access to the server via OpenVPN (and to other computers in the LAN).

I can, for example, set up port forwarding for RDP on both routers, but be serious... port forwarding for RDP is never a good idea.

by anonymous
Hello,

If I understand correctly, the server is connected to the Main router (which should have the OpenVPN server configured) and from the laptop (OpenVPN client) you should reach your Main server. In theory, it should work (I cannot guarantee) if you configure an OpenVPN server on both routers, and your client should connect to the one that currently has the DynDNS hostname.
by anonymous
Hello,

The server is connected to the main L3 switch, which is connected to the VRRP cluster, with the gateway configured as the cluster's virtual IP.

It is almost exactly as you say, but it is not the Main router but the VRRP cluster that should have OpenVPN configured.
In theory and in my idea it should work (as you said).
No matter which router is currently in use according to VRRP, the user (laptop) will be connecting to the currently active router's IP (according to DynDNS). But currently I have no opportunity to test that solution.

But let's go further. What will happen if VRRP changes the currently active router?
Because a session started on one router won't be transferred to the other.

Best regards,
Grzegorz
by anonymous
You are correct, the session will not be transferred. From your topology, I understood that the DDNS IP will be transferred to the other router at some point, and if the client connects to the VPN server using that DDNS address, it should reconnect at some point.
by anonymous
Hello,

Thank you for your comment. As I found in the OpenVPN documentation, there is a ping check to reconnect to the server.
For now I made a VM with OpenVPN and set up masquerading to the local LAN network, to be independent of the OpenVPN server switch (between routers in the cluster).

As soon as I have the option to validate the original idea, I will set up OpenVPN Server on the VRRP cluster.

Best regards,
Grzegorz
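
A client profile for the setup discussed in this thread, added here as an example and not posted by any participant: it shows the ping check mentioned above together with server-certificate verification, which matters when two routers answer for one DynDNS name. The hostname `vpn.example.net`, the port and the file names are placeholders.

```conf
# Added example: OpenVPN client profile (Windows client, single tun interface).
# vpn.example.net, port 1194 and all file names are placeholders.
client
dev tun
proto udp
nobind

# Connect by the DynDNS name, never by a fixed WAN IP, so that a reconnect
# lands on whichever router currently owns the name.
remote vpn.example.net 1194
resolv-retry infinite

# Ping check: send a ping every 10 s; if nothing is received from the server
# for 60 s, restart the connection, which re-resolves the hostname.
# (A server-side "keepalive 10 60" pushes equivalent values to clients.)
ping 10
ping-restart 60

# Keep the key material loaded across restarts.
persist-key

# Authenticate the server on every (re)connect. Both routers must present a
# certificate issued by this CA and marked for server use.
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server

# Sharing one server certificate and private key across both routers makes
# failover transparent, but a compromise of either router exposes that key.
# Issuing each router its own server certificate from the same CA works with
# the settings above and lets a single router's certificate be revoked.
# If tls-auth or tls-crypt is used, the static key must be identical on both
# routers, otherwise the client is rejected after failover:
# tls-auth ta.key 1
```

After a VRRP switch the old session is lost, as noted in the thread; the client reconnects once `ping-restart` expires and the DynDNS record, including any cached copy on the client, points to the new WAN IP.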