OpenVPN DR Considerations
Looking for ideas and suggestions on implementing an OpenVPN failover configuration, but between a primary and DR site rather than a pair of pfSense boxes in an HA pair (we already have that).
All staff have OpenVPN connections into our primary site and we want to minimise the downtime if we have to bring up the DR site.
My understanding is that if we use a hostname for the oVPN server we can redirect that to the DR site with a DNS tweak (and short TTL).
We would have to copy all of the user certs to the DR firewall and configure identical user accounts for this to be a seamless transition.
So, is there a way to automate the replication of those user/oVPN accounts as we do using CARP between our two firewalls on the HA pair on the primary site?
Thanks for any suggestions!
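
The DNS redirect described in the post above only moves clients whose profile names the server by hostname. As an added example (not part of the original post), this Python check scans OpenVPN client profiles for `remote` entries that would not follow the DNS change; the hostname `vpn.example.com` and both sample profiles are constructed assumptions.

```python
import ipaddress

# Constructed sample client profiles (assumptions, not from the original post).
SAMPLE_OK = """client
dev tun
proto udp
# primary/DR share one name
remote vpn.example.com 1194
"""
SAMPLE_PINNED = """client
dev tun
remote 203.0.113.10 1194 udp
"""

def remote_entries(profile_text):
    """Return (host, port) for every `remote` directive in a client profile."""
    entries = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # OpenVPN comment lines
            continue
        parts = line.split()
        if parts[0] == "remote" and len(parts) >= 2:
            port = parts[2] if len(parts) > 2 else "1194"  # OpenVPN default port
            entries.append((parts[1], port))
    return entries

def is_ip_literal(host):
    """True when the remote is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def failover_findings(profile_text, vpn_hostname):
    """List reasons this profile would not follow a DNS-based move to the DR site."""
    findings = []
    remotes = remote_entries(profile_text)
    if not remotes:
        findings.append("no remote directive found")
    for host, port in remotes:
        if is_ip_literal(host):
            findings.append(f"remote {host}:{port} is an IP literal; DNS change is ignored")
        elif host.lower() != vpn_hostname.lower():
            findings.append(f"remote {host}:{port} is not the failover name {vpn_hostname}")
    return findings

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("pinned", SAMPLE_PINNED)):
        print(name, failover_findings(text, "vpn.example.com") or "follows DNS")
```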