Topic: Design Datacenter with two hardware (Read 4594 times)
Julien
Hero Member
Posts: 666
Karma: 33
Design Datacenter with two hardware « on: July 08, 2018, 11:19:03 pm »
Dear All,
We are designing a datacenter and want to use two OPN hardware units in a failover scenario.
We were offered 4 WAN IPs with 1GB speed on each WAN:
WAN1 . 1.1.1.1
WAN2 . 1.1.1.2
WAN3 . 1.1.1.3
WAN4 . 1.1.1.4
WAN1 and WAN2 will be connected to the main OPN hardware. WAN1 will be offering a site-to-site VPN and also a VPN for users using two-factor authentication. It will also be the IP for the internet.
WAN2 will be the MX records of the internal mail server.
I want to configure the second hardware (WAN3/WAN4) as a failover, so that in case the first hardware is down, remote users will still be able to work.
Can someone please advise how to configure this? I've read that HA CARP can do the job, but I'm not sure if it applies in my scenario.
Thank you
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Design Datacenter with two hardware « Reply #1 on: July 09, 2018, 08:59:17 am »
Hi Julien,
Which VPN are you using? OpenVPN has features to do active/active load balancing between hosts:
--remote-random-hostname will prevent clients from caching the server DNS record
--remote-random will scramble the remotes list that the clients go through
You can spread the load on your MTAs with DNS MX records.
For IPSec you'll likely need CARP. In either case, your routing is going to be interesting ;-)
Bart...
Julien
Hero Member
Posts: 666
Karma: 33
Re: Design Datacenter with two hardware « Reply #2 on: July 09, 2018, 04:32:50 pm »
Hi Bart,
Thank you for your answer.
We are using OpenVPN as the VPN server for both site-to-site and remote users.
Can you explain more what you mean by the below?
--remote-random-hostname will prevent clients from caching the server DNS record
--remote-random will scramble the remotes list that the clients go through
Thank you Bart
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Design Datacenter with two hardware « Reply #3 on: July 09, 2018, 07:20:50 pm »
Hi Julien,
An OpenVPN client connection can be configured with multiple 'remote' lines. Normal behaviour is for it to attempt a connection starting with the first line, and work its way down until it connects.
The remote-random option will randomise this sequence, and the remote-random-hostname will add a random subdomain to the FQDN of the server, to stop the client's resolver from caching the server's name to allow for DNS load balancing.
These are client options which you'll need to add to each user's profile. Naturally, the OpenVPN man page is compulsory reading:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Bart...
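One way to check that each user's profile actually carries the client options described in the reply above, as an added example that is not code from the thread or from the OpenVPN project. The sample profiles are constructed, the addresses reuse the thread's placeholder WAN1/WAN3 IPs, port 1194/udp is an assumption, and `parse_profile`, `is_ip_literal` and `audit_profile` are hypothetical helper names.

```python
import ipaddress

# Constructed sample profiles, not taken from the thread. The addresses reuse the
# thread's placeholder WAN1/WAN3 IPs; port 1194/udp is an assumption.
TWO_REMOTES = "client\nremote 1.1.1.1 1194 udp\nremote 1.1.1.3 1194 udp\nremote-random\n"
ONE_REMOTE = "client\nremote 1.1.1.1 1194 udp  # primary firewall only\n"
FIXED_ORDER = "client\nremote 1.1.1.1 1194 udp\nremote 1.1.1.3 1194 udp\nremote-random-hostname\n"


def parse_profile(text):
    """Return (remote hosts in file order, set of other directive names)."""
    remotes, directives = [], set()
    for raw in text.splitlines():
        # '#' and ';' start a comment; quoting is not handled (simplification).
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        name = words[0].lstrip("-")  # accept the command-line '--option' spelling too
        if name == "remote" and len(words) > 1:
            remotes.append(words[1])
        else:
            directives.add(name)
    return remotes, directives


def is_ip_literal(host):
    """True when the remote is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_profile(text):
    """Return redundancy and load-spreading findings for one client profile."""
    remotes, directives = parse_profile(text)
    findings = []
    if len(set(remotes)) < 2:
        findings.append("single-remote")  # nothing to fall back to
    elif "remote-random" not in directives:
        findings.append("fixed-order")    # every client tries the first remote first
    if "remote-random-hostname" in directives and remotes and all(map(is_ip_literal, remotes)):
        findings.append("no-fqdn")        # no server FQDN for a random subdomain
    return findings


if __name__ == "__main__":
    for label, profile in (("two", TWO_REMOTES), ("one", ONE_REMOTE), ("fixed", FIXED_ORDER)):
        print(label, audit_profile(profile) or "ok")
```

An empty list means the profile lists at least two distinct remotes and randomises their order; the profile text is only parsed, and no connection is attempted.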
Julien
Hero Member
Posts: 666
Karma: 33
Re: Design Datacenter with two hardware « Reply #4 on: July 09, 2018, 10:11:32 pm »
Wow, I didn't know this was possible.
We can configure the 3 WANs to use OpenVPN. This is amazing.
I'll check this out, thank you for the info.