[eduVPN-deploy] High availability for VPN Nodes?
Marc Langer
marc.langer at uos.de
Wed Jul 27 18:03:33 CEST 2022
On 06.07.22 at 12:47, François Kooman wrote:
>
> They can't be "migrated". If one node fails for example, the client
> will have to talk again to the portal to fetch a new configuration and
> then will get a configuration for one of the nodes that is still up.
...
> That won't work indeed as the nodes have different "tls-crypt" keys.
Hi François,

I had to solve some other problems in the meantime and now came back to
test my eduvpn3 setup. I have two machines; each has the portal and a
VPN node installed.

There is an HA IP address managed by keepalived. My problem at the moment:
When VM2 is VRRP master, the portal on VM2 generates an OpenVPN
configuration file with the hostname of VM1, but the host key seems to
be wrong. When I manually change the servername to connect to VM2, it works.

So I must have something wrong with the node keys and configuration. I
followed the instructions in the documentation, and cannot find the error.
Do you have any idea where to start, what to check first?

Here are some parts of the config:
On both hosts:

    'ProfileList' => [
        [
            'profileId' => 'Uni-Netz',
            'displayName' => 'Uni-Netz',
            'hostName' => ['eduvpn3-1.rz.uni-osnabrueck.de',
                           'eduvpn3-2.rz.uni-osnabrueck.de'],
            'nodeURL' => ['http://eduvpn3-1.uni-osnabrueck.de:41194',
                          'http://eduvpn3-2.uni-osnabrueck.de:41194'],

On eduvpn3-1: /etc/vpn-server-node/config.php:

    'apiUrl' => 'http://eduvpn3-1.rz.uni-osnabrueck.de/vpn-user-portal/node-api.php',
    'nodeNumber' => 0,

On eduvpn3-2: /etc/vpn-server-node/config.php:

    'apiUrl' => 'http://eduvpn3-2.rz.uni-osnabrueck.de/vpn-user-portal/node-api.php',
    'nodeNumber' => 1,

Each has different /etc/vpn-server-node/keys/node.key and
/var/lib/vpn-user-portal/keys/tls-crypt-Uni-Netz.key files. Perhaps
these are wrong?
Thanks,
Marc
--
Uni Osnabrück
Rechenzentrum
Nelson-Mandela-Str. 4
49076 Osnabrück
Tel. 0541-969-2365