OpenVPN Server bound to gateway group is listening on the wrong VIP



  • 2.1-RC1 (amd64) built on Thu Aug 1 19:39:40 EDT 2013

    Gateway Group called "GWG_Failover" has WAN = Tier 1 and OPT2 = Tier 2. The route through WAN is down. Status on the Gateway Group correctly sees Tier 1 as offline and Tier 2 online.

    There are dedicated CARP VIPs on both WAN and OPT2 for OpenVPN. They are set as the Virtual IP in GWG_Failover.

    According to the OpenVPN logs, the server is always binding to the VIP on WAN regardless of whether the gateway on WAN is online or not.

    I can change the tiers around and make WAN = Tier 2 and OPT2 = Tier 1. Gateway on WAN is still down. Yet OpenVPN binds to the VIP on WAN.

    The only way I can get OpenVPN to listen on the OPT2 VIP is if I remove WAN completely from the GWG_Failover or bind OpenVPN to the VIP on OPT2 instead of binding it to GWG_Failover.

    Thanks,

    Shahid



  • It looks to me like there is simply no code in openvpn.inc to implement this. openvpn_reconfigure() calls get_failover_interface(). It should then look for this interface in the gateway group settings and check if it has a particular VIP defined, and use it. But I can't see any code that does that.
    I suggest adding a bug report on Redmine and the feature can actually be implemented.
    (There might be a few things like this as gateway group functionality is added to new parts of the system. Code has to be done to implement all the various parameters that can be specified in a gateway group.)
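
The selection logic the reply above says is missing, as an added Python model (not pfSense code and not written by either poster): pick the lowest-tier member whose gateway is online and bind to the VIP set for that member in the group. The `Member` layout, the fallback to the interface's own address, and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Member:
    """One gateway group entry (hypothetical layout, not pfSense's config format)."""
    interface: str        # e.g. "WAN" or "OPT2"
    tier: int             # 1 is the most preferred tier
    online: bool          # gateway status as reported for the group
    vip: Optional[str]    # CARP VIP chosen for this member in the group, if any
    interface_addr: str   # the interface's own address, used when no VIP is set


def select_bind_address(members: List[Member]) -> Optional[Tuple[str, str]]:
    """Return (interface, address) the server should bind to, or None if all are down."""
    up = [m for m in members if m.online]
    if not up:
        return None  # nothing usable: caller should not silently bind to a dead path
    # Lowest tier number wins; min() keeps the first-listed member on a tie.
    best = min(up, key=lambda m: m.tier)
    return best.interface, (best.vip or best.interface_addr)


# Constructed sample data mirroring the thread: WAN's gateway is down, OPT2's is up.
# Addresses come from the documentation ranges and are not from the original post.
GWG_FAILOVER = [
    Member("WAN", 1, False, "192.0.2.10", "192.0.2.2"),
    Member("OPT2", 2, True, "198.51.100.10", "198.51.100.2"),
]

# Same outage with the tiers swapped, as tried in the first post.
GWG_SWAPPED = [
    Member("WAN", 2, False, "192.0.2.10", "192.0.2.2"),
    Member("OPT2", 1, True, "198.51.100.10", "198.51.100.2"),
]

if __name__ == "__main__":
    for name, group in (("GWG_Failover", GWG_FAILOVER), ("swapped tiers", GWG_SWAPPED)):
        print(name, "->", select_bind_address(group))
```

In both layouts the expected bind address is the OPT2 VIP, which is the behaviour the first post expected and did not see.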



  • Added as Bug #3172.

    Shahid

