User & Settings sync between multiple non clustered VPN srvs

[SeventhSin]

Hello guys (and girls).

I want to create an IPSEC/L2TP VPN network, containing multiple servers for horizontal elasticity. As you well know, IPSEC/L2TP does not support redirection, therefore the clustering functionality offered by EtherSoft Server out of the box can't be used.

Now imagine 3 virtual machines, each running a VPN server instance. What is the easiest way to share a configuration file among these machines, so that a modification performed on one server gets reflected in the the other servers settings ? Is this even achievable ?

[raafat]

SeventhSin wrote:
> Hello guys (and girls).
>
> I want to create an IPSEC/L2TP VPN network, containing multiple servers for
> horizontal elasticity. As you well know, IPSEC/L2TP does not support
> redirection, therefore the clustering functionality offered by EtherSoft
> Server out of the box can't be used.

May you explain more about this ?

[SeventhSin]

Yes, it means that I have multiple virtual machines, each one of them provisioned with an SoftEther Server installation.

These VMs come online or go offline based on vpn user activity: more users online - more machines, less users online - less machines.

Now, each vpn server is configured for IPSEC/L2TP, which means I cannot cluster them to share the users and settings between instances.

My question is: is it possible to have these machines replicate their settings and users to each other or use some sort of central repository (like a database or common config file) that can be shared among instances ?

I hope this clears it up.

[SeventhSin]

Never mind, I just noticed one could use RADIUS authentication.

[raafat]

SeventhSin wrote:

>
> Now, each vpn server is configured for IPSEC/L2TP, which means I cannot
> cluster them to share the users and settings between instances.

Where did you get that from ?. Enabling L2TP/IPSec function results in preventing you from clustering SE servers. Or may be I understood you incorrectly ):.

[SeventhSin]

The sharing of user data comes built in SE's clustering functionality. As I mentioned, I do know it is not supported for IPSEC/L2TP connections due to lack of redirection support in those protocols. SE's clustering capabilities are *much more* than mere sharing of user settings though.

Since sharing user data between instances != clustering, my question pertained to alternative solutions, like for example the possibility to share a database between instances.

I hope this clarifies what I asked. :)

[raafat]

Hello There!. you didn't answer my question (:. you said, in meaning, "Enabling L2TP/IPSec function results in preventing you from clustering SE servers. ", right ?, if it's right, my second question : Where did you get that information from ?.



Good luck (:

[SeventhSin]

raafat wrote:
> Hello There!. you didn't answer my question (:.
> Where did you get that information from ?.

> Good luck (:

Sorry about that, I was distracted. :)

Here you go:
http://www.vpnusers.com/viewtopic.php?p=2679

[raafat]

Are you looking for a load-balancing or fail-over functionality ?

[moatazelmasry]

Hi all,

@rafaat. Yes. Enabling L2TP functionality automatically prevents you from using Clustering. Try this in the GUI

@SeventhSin. I had a similar issue, and here's how I solved it by saving the settings into a database. Here are the details:
- I wrote a nodejs program that is able to save and load vpn_server.config file into a mysql database
- Any configuration changes, I do directly into the database
- When a new VPN server comes up, it generates the configuration from the DB
- When the configurations in the DB are changed, I fire a small program that stops the VPN server, regenrates the configuration then starts the server. DO NOT rewrite the configuration while the server is running, because SoftEther will rewrite your file

Nevertheless, these servers can't be 100% in sync. They differ in counters, stats etc.., but this was unimportant for me

Cheers
Moataz

[SeventhSin]

Thank you all for chiming in.

I ended up going for another technology capable to offer me the capabilities sought for.

[moatazelmasry]

Which technology is that?