High availability / Re: Multiple instances of OPNsense behind a load balancer for OpenVPN (on AWS)
« on: February 07, 2024, 10:42:00 pm »
I know the point of the request is OPNsense, but...
If it were me, I'd do it with Linux nodes and then use RADIUS for central authentication. Even with round-robin DNS, I found it was 'good enough', i.e. equal enough that I didn't require a load balancer.
Obviously RR DNS doesn't account for node failures, but with all IPs explicitly specified in the configuration (instead of using DNS), remote-random set and/or resolv-retry set to infinite (if using RR DNS/hostnames), OpenVPN itself will then try other server IPs.
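For readers who want to see what the client-side failover iMx describes looks like, here is an added example of an OpenVPN client configuration (not from the post or from OPNsense): every node is listed as its own remote line, remote-random spreads the initial connections across the pool, and resolv-retry infinite keeps a hostname-based remote retrying rather than giving up. The addresses are placeholders from the TEST-NET documentation ranges and the certificate material is left out.

```conf
client
dev tun
proto udp
nobind
persist-key
persist-tun

# Placeholder node addresses (TEST-NET ranges), not real endpoints.
# Listing every node explicitly means OpenVPN itself tries the next
# entry when a node is down, with no load balancer in the path.
remote 198.51.100.10 1194 udp
remote 198.51.100.11 1194 udp
remote 203.0.113.10 1194 udp

# Start from a random entry in the list above so clients do not all
# pile onto the first node; this is what spreads the load.
remote-random

# Only relevant when a remote line is a hostname (e.g. a round-robin
# DNS name): keep retrying resolution instead of failing after one try.
resolv-retry infinite

# Username/password prompt; with RADIUS behind each server this gives
# the central authentication mentioned above.
auth-user-pass
remote-cert-tls server
verb 3

# <ca>, <cert>, <key> (or ca/cert/key file paths) omitted here.
```

One thing to plan for on the server side, which is an assumption about the deployment rather than something the post states: each node terminates its own tunnels, so the client address pool and the routes pushed by each server have to be laid out per node, otherwise a client that fails over to another node can land on an overlapping subnet.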
Hi, iMx! Thanks for your response. I'll take a look to see if it fits my needs.
Synchronisation of configuration is the main problem to tackle here. Unfortunately the OPNsense cluster mechanism supports only one secondary firewall system to which the active primary node syncs all settings.
Hi, Patrick! Thanks for your response. I think it is possible to sync more nodes in the following way:
node A with B
node B with C
node C with D ... and so on.
I will try that.
Regards,
Archibaldo