ultrahorizon / UH-VPN-Docs

Documentation, bug tracker and feature request system for UH VPN
https://docs.uh-vpn.com

Is this the minimum disruptive way to move to a new vpn server? #22

Closed sunny75016 closed 4 years ago

sunny75016 commented 4 years ago

My current UH vpn installation is on an Ubuntu 20.04 server from VPS service provider A. Everything is working perfectly (/ Server / Users / Devices). Love you great people at UH VPN. :-) I now need to move the UH vpn installation to a new Ubuntu 20.04 server from another VPS service provider B.

Questions: (1) Is it sufficient to create a new UH vpn server on the service provider B and edit the "server settings" i.e. IP addresses on the web based control panel? (2) What else should I bear in mind to avoid any disruption to end users?

AnthonyWharton commented 4 years ago

I would not recommend reusing an active server token on a new instance, as once you update the server it’s going to attempt to apply the server settings to both the old and new instances which could cause server issues. In any case two instances using the same server token makes little sense in most scenarios as that involves sharing IP addresses.

I would create a new server in the web interface for the new instance, and then use the appearance order setting to make it appear first. Upon validating the new server works I’d do one of two things (depending on what @jwsi says)

1) Delete the old server from the web interface. Apps currently connected to the old server will continue working - assuming that the server instance doesn’t turn off when deleted @jwsi? Then clients that aren't connected will sync to the new server when reopening the App.

2) If my assumption is wrong and the server instance does turn off when deleted, this will cause minimum disruption to users as their connection will fail until they reopen the App. In this scenario I would not delete the server from the web interface and encourage users to use the other server by other means (message/email) and warn them that it will be switched off in due course.


For reference, the following happens when updating a server in the web interface:

1) uh-vpn-server installations will update themselves to apply the new settings selected. I believe this could take a couple of minutes on 1.0.0 but has been improved to taking only a few seconds in 1.1.0 but I will wait for @jwsi to confirm this.

2) Users of UH VPN apps will continue on the current VPN connection if the server change hasn’t done something to disrupt that connection (IP/Port/Protocol/crypto changes). If the server connection has been disrupted, then the connection will fail.

Upon opening the App, UH VPN will sync the latest profile. Once the App syncs they will receive the latest server settings - if they were already connected to the server that has been updated, the App will perform a reconnect cycle to ensure they are connected to the latest settings.

Note that Apps will only perform this check when opened by the user, and not actively in the background. This could be changed in the future but we try to do the minimum amount of work in the background in our apps for privacy and battery performance reasons.

sunny75016 commented 4 years ago

Thanks, Anthony. I will read what jwsi says with interest.

In the meanwhile, I have made the moving process even easier by following these steps. (a) Create a new vps and note down the IPv4, (b) Install UH VPN from your ppa on the new VPS, (c) Delete the older VPS completely, (d) add the UH server token on the new VPS, (e) Update the IPv4 using the web interface and save.

Result: The user level disruption was less than 1 minute as checked using the iOS app and absolutely no change on the device app was required. No email had to be sent to users. This was my objective.

AnthonyWharton commented 4 years ago

You still don't need to update the current server!

Service profiles are for the group not the server, so any new servers will sync without requiring a new profile :) It will appear as a new server in the list for them.

jwsi commented 4 years ago

> Thanks, Anthony. I will read what jwsi says with interest.
>
> In the meanwhile, I have made the moving process even easier by following these steps. (a) Create a new vps and note down the IPv4, (b) Install UH VPN from your ppa on the new VPS, (c) Delete the older VPS completely, (d) add the UH server token on the new VPS, (e) Update the IPv4 using the web interface and save.
>
> Result: The user level disruption was less than 1 minute as checked using the iOS app and absolutely no change on the device app was required. No email had to be sent to users. This was my objective.

Hi Sunny, this is a good way to do it and I'm glad you achieved zero disruption.

For reference, from uh-vpn-server v1.1.0 the following procedure should be performed to migrate VPS:

1) Create new VPS with uh-vpn-server installed

2) Regenerate the token on web interface for the existing server

3) Add the new token into the new VPS and confirm acceptance

4) Update the IP of the existing server to point to the new VPS

5) Test that clients now connect to the new VPS

Glad everything worked out :)