User & Settings sync between multiple non clustered VPN srvs
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
User & Settings sync between multiple non clustered VPN srvs
Hello guys (and girls).
I want to create an IPSEC/L2TP VPN network, containing multiple servers for horizontal elasticity. As you well know, IPSEC/L2TP does not support redirection, therefore the clustering functionality offered by EtherSoft Server out of the box can't be used.
Now imagine 3 virtual machines, each running a VPN server instance. What is the easiest way to share a configuration file among these machines, so that a modification performed on one server gets reflected in the the other servers settings ? Is this even achievable ?
I want to create an IPSEC/L2TP VPN network, containing multiple servers for horizontal elasticity. As you well know, IPSEC/L2TP does not support redirection, therefore the clustering functionality offered by EtherSoft Server out of the box can't be used.
Now imagine 3 virtual machines, each running a VPN server instance. What is the easiest way to share a configuration file among these machines, so that a modification performed on one server gets reflected in the the other servers settings ? Is this even achievable ?
-
- Posts: 223
- Joined: Fri Jul 03, 2015 2:21 pm
Re: User & Settings sync between multiple non clustered VPN
SeventhSin wrote:
> Hello guys (and girls).
>
> I want to create an IPSEC/L2TP VPN network, containing multiple servers for
> horizontal elasticity. As you well know, IPSEC/L2TP does not support
> redirection, therefore the clustering functionality offered by EtherSoft
> Server out of the box can't be used.
May you explain more about this ?
> Hello guys (and girls).
>
> I want to create an IPSEC/L2TP VPN network, containing multiple servers for
> horizontal elasticity. As you well know, IPSEC/L2TP does not support
> redirection, therefore the clustering functionality offered by EtherSoft
> Server out of the box can't be used.
May you explain more about this ?
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
Re: User & Settings sync between multiple non clustered VPN
Yes, it means that I have multiple virtual machines, each one of them provisioned with an SoftEther Server installation.
These VMs come online or go offline based on vpn user activity: more users online - more machines, less users online - less machines.
Now, each vpn server is configured for IPSEC/L2TP, which means I cannot cluster them to share the users and settings between instances.
My question is: is it possible to have these machines replicate their settings and users to each other or use some sort of central repository (like a database or common config file) that can be shared among instances ?
I hope this clears it up.
These VMs come online or go offline based on vpn user activity: more users online - more machines, less users online - less machines.
Now, each vpn server is configured for IPSEC/L2TP, which means I cannot cluster them to share the users and settings between instances.
My question is: is it possible to have these machines replicate their settings and users to each other or use some sort of central repository (like a database or common config file) that can be shared among instances ?
I hope this clears it up.
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
Re: User & Settings sync between multiple non clustered VPN
Never mind, I just noticed one could use RADIUS authentication.
-
- Posts: 223
- Joined: Fri Jul 03, 2015 2:21 pm
Re: User & Settings sync between multiple non clustered VPN
SeventhSin wrote:
>
> Now, each vpn server is configured for IPSEC/L2TP, which means I cannot
> cluster them to share the users and settings between instances.
Where did you get that from ?. Enabling L2TP/IPSec function results in preventing you from clustering SE servers. Or may be I understood you incorrectly ):.
>
> Now, each vpn server is configured for IPSEC/L2TP, which means I cannot
> cluster them to share the users and settings between instances.
Where did you get that from ?. Enabling L2TP/IPSec function results in preventing you from clustering SE servers. Or may be I understood you incorrectly ):.
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
Re: User & Settings sync between multiple non clustered VPN
The sharing of user data comes built in SE's clustering functionality. As I mentioned, I do know it is not supported for IPSEC/L2TP connections due to lack of redirection support in those protocols. SE's clustering capabilities are *much more* than mere sharing of user settings though.
Since sharing user data between instances != clustering, my question pertained to alternative solutions, like for example the possibility to share a database between instances.
I hope this clarifies what I asked. :)
Since sharing user data between instances != clustering, my question pertained to alternative solutions, like for example the possibility to share a database between instances.
I hope this clarifies what I asked. :)
-
- Posts: 223
- Joined: Fri Jul 03, 2015 2:21 pm
Re: User & Settings sync between multiple non clustered VPN
Hello There!. you didn't answer my question (:. you said, in meaning, "Enabling L2TP/IPSec function results in preventing you from clustering SE servers. ", right ?, if it's right, my second question : Where did you get that information from ?.
Good luck (:
Good luck (:
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
Re: User & Settings sync between multiple non clustered VPN
raafat wrote:
> Hello There!. you didn't answer my question (:.
> Where did you get that information from ?.
> Good luck (:
Sorry about that, I was distracted. :)
Here you go:
http://www.vpnusers.com/viewtopic.php?p=2679
> Hello There!. you didn't answer my question (:.
> Where did you get that information from ?.
> Good luck (:
Sorry about that, I was distracted. :)
Here you go:
http://www.vpnusers.com/viewtopic.php?p=2679
-
- Posts: 223
- Joined: Fri Jul 03, 2015 2:21 pm
Re: User & Settings sync between multiple non clustered VPN
Are you looking for a load-balancing or fail-over functionality ?
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: User & Settings sync between multiple non clustered VPN
Hi all,
@rafaat. Yes. Enabling L2TP functionality automatically prevents you from using Clustering. Try this in the GUI
@SeventhSin. I had a similar issue, and here's how I solved it by saving the settings into a database. Here are the details:
- I wrote a nodejs program that is able to save and load vpn_server.config file into a mysql database
- Any configuration changes, I do directly into the database
- When a new VPN server comes up, it generates the configuration from the DB
- When the configurations in the DB are changed, I fire a small program that stops the VPN server, regenrates the configuration then starts the server. DO NOT rewrite the configuration while the server is running, because SoftEther will rewrite your file
Nevertheless, these servers can't be 100% in sync. They differ in counters, stats etc.., but this was unimportant for me
Cheers
Moataz
@rafaat. Yes. Enabling L2TP functionality automatically prevents you from using Clustering. Try this in the GUI
@SeventhSin. I had a similar issue, and here's how I solved it by saving the settings into a database. Here are the details:
- I wrote a nodejs program that is able to save and load vpn_server.config file into a mysql database
- Any configuration changes, I do directly into the database
- When a new VPN server comes up, it generates the configuration from the DB
- When the configurations in the DB are changed, I fire a small program that stops the VPN server, regenrates the configuration then starts the server. DO NOT rewrite the configuration while the server is running, because SoftEther will rewrite your file
Nevertheless, these servers can't be 100% in sync. They differ in counters, stats etc.., but this was unimportant for me
Cheers
Moataz
-
- Posts: 9
- Joined: Mon Sep 19, 2016 2:52 pm
Re: User & Settings sync between multiple non clustered VPN
Thank you all for chiming in.
I ended up going for another technology capable to offer me the capabilities sought for.
I ended up going for another technology capable to offer me the capabilities sought for.
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: User & Settings sync between multiple non clustered VPN
Which technology is that?