Feature #2472
closed
Option to tie OpenVPN client instance to CARP status
0%
Description
Currently OpenVPN clients on backup CARP status hosts will still send out packets on that CARP IP, breaking that OpenVPN instance. It's currently worked around with devd scripts but done manually. Should have a checkbox at some point to tie client instances to the CARP status, or if it can be worked around at the OS level by forbidding sending packets sourced from a CARP IP with backup status, that would be best as it would eliminate any kind of problem along these lines.
Updated by Chris Buechler over 13 years ago
- Tracker changed from Bug to Feature
- Subject changed from openvpn site2site (client side) on slave CARP cluster to Option to tie OpenVPN client instance to CARP status
- Description updated (diff)
- Category changed from CARP to OpenVPN
- Affected Version deleted (
2.0.1)
updated with proper description
Updated by Jim Pingle over 13 years ago
To clarify a little: We already do this on 2.0.2 and 2.1, if you bind the client instance to a CARP VIP, it will not start the client when it's in backup status, and kills it when it makes that transition via a devd hook. This is all automated now, nothing manual to do there anymore. The only thing you need to do to kick that behavior in is bind to a CARP VIP.
As for sourcing packets from the CARP VIP in backup status at the OS level, that is a more general issue not really related to OpenVPN.
Updated by Chris Buechler over 13 years ago
- Status changed from New to Closed
ah I forgot you had already added that Jim.