Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default VRRP and Open VPN

    I am deploying 11.1. I will be running Wan balancer and wan fail over and many of the other premium apps.
    I need to have a backup router so that when things quit while I am on vacation the local admin can get it all running again. I thought that VRRP looked real good. But I read that Open VPN will not work with VRRP. Is that true?

    So If that is the case then I need to deploy multiple Open VPN config files to each client so that if one does not work they try config 2 and then perhaps config 3. Does that work?
    I would have to set up Open VPN on both the main and fail over routers. These would be VM's

    The fail over router would run the lite version of untangle and I would also have a replica of the main router sitting cold on the backup vmware host.

    I looked into using VMware's high availability and stopped when the pricing went past $14,000

    If the router quits while I am out of the office some things will get weird but mission critical stuff should still be functional. Testing is going to suck. Not sure about a lot of the Vmware stuff but this is probably not the forum for those questions.

    I can then remote in and fire up the cold replica and it should gracefully take over from the lite VM. Except for Open VPN, but I only have 3 users on that. Perhaps I should run Open VPN on the lite appliance all the time.

    I seems that if I want to use VRRP I have to have 2 extra public IPs. One for each box and the ones that pass back and forth. I have 2 now so I would need 4. I hope both my ISPs will let me do that.

    It really seems that VRRP is still a bit wet behind the ears on Untangle, but the idea of it is super cool.

    Something I worry about is that all of this is so complicated that troubleshooting will be a nightmare.

    I also looked into the cold spare U50. But the one I have now is too slow. It can handle my 35 users but UI is too slow to troubleshoot problems in real time. Users complain about slow downs but the Internet is just like that sometimes. I have to avoid offering to look into it because of the time sink it is. I could buy the U150 and maybe help that, but the annual fees are kinda steep. So I am deploying Untangle as VM's because I have surplus horsepower in my Vmware hosts.

    Brian

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    If you want openvpn to work on your servers, you need to backup the config on the master, restore in on the slave.

    and then change the openvpn remote clients to connect to the VRRP ip instead of the master IP directly.

    That way it connects to whichever box owns the VRRP IP. If it loses connection it will automatically reconnect. If the master goes down then the slave takes over the VRRP IP and then the remote server reconnects to the slave via the VRRP IP.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default

    How to I backup and restore the Open VPN config. Is that a command line thing?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    under config > system > backup and config > system > restore.

    On the slave you want to restore all the setting except the network settings. That way they are identical in all ways except the IP address.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Sep 2012
    Posts
    64

    Default

    Oh. I thought that I could just do the Open VPN. I think that means that I have to install all the apps and then uninstall them to get back to the lite apps.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2