I'm trying to build a Layer-2 Site-to-Site VPN with high availability.
Now on site A of the I can install a cluster of VPN Servers.
On site B however I cannot install a VPN Server cluster, because Cascade Connections are not supported on clusters.
I can also not make use of a VPN Bridge on site B, because that does not support clustering.
Any hints, how to setup a high-availability site-to-site VPN?
Thanks
Site-to-Site High-Availability VPN
-
onkelstony
- Posts: 4
- Joined: Wed May 14, 2014 9:27 am
Re: Site-to-Site High-Availability VPN
Some more information. Currently the Site-to-Site VPN runs on pfSense/OpenVPN, but the flexibility and features of SoftEther look very promising and that's the reason for my question.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Site-to-Site High-Availability VPN
Usually clustering is used on only center server. In another place, VPN Bridge is used. And VPN Bridge can't become clustering member.
-
onkelstony
- Posts: 4
- Joined: Wed May 14, 2014 9:27 am
Re: Site-to-Site High-Availability VPN
thisjun wrote:
> And VPN Bridge can't become clustering member.
Thanks for your answer.
Is there any plans to enable clustering for VPN Bridge? Or any other hint on how to enable high availability on both sides of the Site-to-Site VPN?
> And VPN Bridge can't become clustering member.
Thanks for your answer.
Is there any plans to enable clustering for VPN Bridge? Or any other hint on how to enable high availability on both sides of the Site-to-Site VPN?
-
dnobori
- Posts: 228
- Joined: Tue Mar 05, 2013 10:04 am
Re: Site-to-Site High-Availability VPN
There are no function of clustering VPN Bridge on the current version.
However, you can establish the site-to-site high-availability VPN connection by using two pairs of VPN computers and a pair of STP (Spanning Tree Protocol) with STP-supporting Layer-2 switches.
In this model, you should establish isolated two site-to-site Ethernet bridging line. Each line is like a Cat5e network cable. After that, you place each layer-2 switch on each site with the STP configuration. Then the Site-to-Site High-Availability VPN will be realized.
However, you can establish the site-to-site high-availability VPN connection by using two pairs of VPN computers and a pair of STP (Spanning Tree Protocol) with STP-supporting Layer-2 switches.
In this model, you should establish isolated two site-to-site Ethernet bridging line. Each line is like a Cat5e network cable. After that, you place each layer-2 switch on each site with the STP configuration. Then the Site-to-Site High-Availability VPN will be realized.
-
onkelstony
- Posts: 4
- Joined: Wed May 14, 2014 9:27 am
Re: Site-to-Site High-Availability VPN
I thought of that too. It's ugly, but it should work.
I'll give it a shot...
I'll give it a shot...
-
petergsnm
- Posts: 14
- Joined: Wed Jul 09, 2014 7:20 am
Re: Site-to-Site High-Availability VPN
I understand, it is recommended to use VPN Bridge on the Branch office and VPN Server on the Main office and VPN Server at the main office can be clustered. This works in most of the cases.
But, what if I need a cluster on my local site(Branch Office), We have added more users on my local site and my local site is not able to handle the load.
The local site does not need to be a VPN Bridge, it can be a VPN Server too. But, when these two VPN servers are connected through cascade connection, I can't enable cluster on the local site too (same problem as bridge).
Any plans of having clustering on the local site ?
But, what if I need a cluster on my local site(Branch Office), We have added more users on my local site and my local site is not able to handle the load.
The local site does not need to be a VPN Bridge, it can be a VPN Server too. But, when these two VPN servers are connected through cascade connection, I can't enable cluster on the local site too (same problem as bridge).
Any plans of having clustering on the local site ?