https://devopstales.github.io/linux/opnsense-openvpn/

[utterances-bot]

Configure OpenVPN HA opnsense cluster - devopstales

https://devopstales.github.io/linux/opnsense-openvpn/

[gabecz]

hi when i set up openvpn on opnsense on a HA cluster of 2 nodes, the "connection status" won't sync between master and backup, therefore when master goes down, users get prompted for reauthentication. is that something to force-sync, or to make the carp send connection status session whatever that is to both master and backup, so in case of failure it'll just reconnect without interruption after a few packet losses? it does reconnect automatically after a bit when using local database indeed. but we're using radius with duo prompt. and that's our problem. the failover is not seamless. thanks

[devopstales]

Hi @gabecz. opnsense use active/passive HA cluster. This means the service only running on the current master. If the master goes down the slave become master and start the service. So it is totally normal to have downtime. There for there is no option to persist or syn your user session. But for more information check the opnsense documentation.

[archibaldodlc]

Hi, @devopstales! Nice article by the way. I wonder if it is possible to have, for example, 5 instances of Opnsense running in cluster mode (all active) and if this load balancing the vpn clients.

Thanks in advance. Regards, Víctor

[devopstales]

Hi @archibaldodlc The Opnsense cluster can only created by two nod, and it is working as an Active-Passive Cluster. So no you can not incorporate 5 node into one cluster.