Opened 14 years ago
Closed 2 years ago
#25 closed Feature Wish (wontfix)
Check if state/instance synchronization between OpenVPN instances is doable in 2.x series
Reported by: | Samuli Seppänen | Owned by: | reg9009 |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: | james@… |
Description
As discussed in IRC meeting on 3rd June 2010 having state/instance synchronization between OpenVPN instances should be doable. This would enable transparent failover configuration, similar to what OpenBSD has with IPSec.
However, more research is needed to determine whether 2.x series is up for the job, or if we should postpone implementation to OpenVPN 3.0.
Change History (3)
comment:2 Changed 10 years ago by
Cc: | james@… added |
---|---|
Version: | 2.1.0 / 2.1.1 → git master branch |
Jamesyonan: is this a non-issue for OpenVPN 3.x?
comment:3 Changed 2 years ago by
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Type: | TODO (General task list) → Feature Wish |
I'm closing this. Nobody is currently working on this, and the benefit is not that big, with --auth-gen-token secret
sharable across multiple servers and faster TLS handshake these days - so a reconnect in case a server crashes would be a matter of "a few seconds".
Actually implementing this would be extremely complex, as we currently don't even seem to get our own + DCO state properly sorted out, so "sharing with a peer" would add multiple layers of complexity.
This is an interesting idea, but doesn't seem to have gone anywhere. is this still valid for 2.x and does 3.x have something like this already?