Opened 14 years ago
Closed 16 months ago
#25 closed Feature Wish (wontfix)
Check if state/instance synchronization between OpenVPN instances is doable in 2.x series
| Reported by: | Samuli Seppänen | Owned by: | reg9009 |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN git master branch (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: | james@… |
Description
As discussed in IRC meeting on 3rd June 2010 having state/instance synchronization between OpenVPN instances should be doable. This would enable transparent failover configuration, similar to what OpenBSD has with IPSec.
However, more research is needed to determine whether 2.x series is up for the job, or if we should postpone implementation to OpenVPN 3.0.
Change History (3)
comment:2 Changed 9 years ago by
| Cc: | james@… added |
|---|---|
| Version: | 2.1.0 / 2.1.1 → git master branch |
Jamesyonan: is this a non-issue for OpenVPN 3.x?
comment:3 Changed 16 months ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
| Type: | TODO (General task list) → Feature Wish |
I'm closing this. Nobody is currently working on this, and the benefit is not that big, with --auth-gen-token secret sharable across multiple servers and faster TLS handshake these days - so a reconnect in case a server crashes would be a matter of "a few seconds".
Actually implementing this would be extremely complex, as we currently don't even seem to get our own + DCO state properly sorted out, so "sharing with a peer" would add multiple layers of complexity.
This is an interesting idea, but does seem to have gone anywhere. is this still valid for 2.x and does 3.x have something like this already?