There is a lot of info available about how to configure OpenVPN in
bridging mode, but I am finding myself unable to really grasp the info
I've encountered and adapt it to the specific setup I want to achieve.

I would like to set up a completely transparent way for a set of servers
to talk to each other with encryption.  Each server is statically
addressed on one subnet that currently exists on the primary network
interface.  I'd like to add another subnet, also statically addressed,
where all communication uses IPSEC.

The numbers below have been changed to protect the guilty:

Let's say that these servers all have a 10.5.7.x/24 IP address on the
primary network interface.  I would like any traffic that uses these
addresses to remain unencrypted.  If traffic goes instead to a
10.5.8.x/24 address, then it should automatically be encrypted.  If I
can set up mod_proxy_ajp such that it can use multicast on the encrypted
network to create a cluster, that's even better.

Two of the servers in this setup will be running pacemaker and haproxy,
forming a highly-available load balancer; the rest are webservers
running apache and tomcat.  The load balancer needs to talk to apache
over IPSEC, and apache needs to talk to tomcat over IPSEC.  I can't
easily encrypt this traffic with SSL, and the customer wants it
encrypted on the wire ... so I'm investigating IPSEC.

Ideally, there would be no such thing as a VPN "server" or "client" ...
just a bunch of peers ... but if I have to have a server, I need to know
how to make it fault tolerant across two hosts with pacemaker.

The VPN bridging HOWTOs I can find discuss how to set up the server with
DHCP, but very little info on the clients ... and from what I can tell,
the DHCP address pool is on the same subnet as the existing LAN
interface, which doesn't fit into what I'd like to do.  I do not want
DHCP, and I want the IPSEC endpoints to be on a different subnet.

Here are the questions that come out of this:

* Can I achieve the precise requirements I'm looking for, either with
OpenVPN or another software package?
* If I can achieve the intent of what I want by adjusting my
expectations a little, please let me know how.
* Is there an existing HOWTO that covers what I'm trying to do?  Can I
look at two or more HOWTOs and combine the info for a full solution?

Thanks,
Shawn
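The layout the post describes, a full mesh of peers with no VPN "server", where traffic between the 10.5.8.x addresses is protected and traffic on 10.5.7.x stays in the clear, can be expressed as two small pieces: a policy check that says which flows must be encrypted, and a generator that emits one transport-mode IPsec connection per pair of peers. The script below is an added example, not code from the post or from any OpenVPN or IPsec project; the peer names and addresses are constructed, and the output format is assumed to be strongSwan's legacy ipsec.conf stanza syntax (conn, type=transport, left, right, authby, auto).

```python
import itertools
import ipaddress

# Constructed example: four peers, each with a plain (10.5.7.x) and an
# IPsec (10.5.8.x) address, mirroring the two-subnet layout in the post.
PEERS = {
    "lb1":  {"plain": "10.5.7.11", "ipsec": "10.5.8.11"},
    "lb2":  {"plain": "10.5.7.12", "ipsec": "10.5.8.12"},
    "web1": {"plain": "10.5.7.21", "ipsec": "10.5.8.21"},
    "web2": {"plain": "10.5.7.22", "ipsec": "10.5.8.22"},
}

PLAIN_NET = ipaddress.ip_network("10.5.7.0/24")
IPSEC_NET = ipaddress.ip_network("10.5.8.0/24")


def classify_flow(src, dst):
    """Policy from the post: a flow between two 10.5.8.x addresses must be
    encrypted, a flow between two 10.5.7.x addresses stays in the clear.
    A flow that mixes the two subnets is reported as 'deny' so that an
    unencrypted path into the protected subnet is never silently allowed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in IPSEC_NET and d in IPSEC_NET:
        return "encrypt"
    if s in PLAIN_NET and d in PLAIN_NET:
        return "clear"
    return "deny"


def mesh_pairs(peers):
    """Every unordered pair of peers, once: a full mesh has no server role,
    so losing any single host only removes that host's own pairs."""
    return list(itertools.combinations(sorted(peers), 2))


def transport_conn(name_a, addr_a, name_b, addr_b):
    """One transport-mode stanza (assumed strongSwan ipsec.conf syntax).
    Transport mode protects host-to-host traffic on the existing addresses,
    which is what a statically addressed peer subnet needs."""
    return "\n".join([
        f"conn {name_a}-{name_b}",
        "    keyexchange=ikev2",
        "    type=transport",
        f"    left={addr_a}",
        f"    right={addr_b}",
        "    authby=secret",
        "    auto=start",
        "",
    ])


def render_mesh(peers):
    """Emit the full-mesh configuration for the IPsec subnet only; the
    plain 10.5.7.x addresses never appear in any stanza."""
    return "\n".join(
        transport_conn(a, peers[a]["ipsec"], b, peers[b]["ipsec"])
        for a, b in mesh_pairs(peers)
    )


if __name__ == "__main__":
    print(render_mesh(PEERS))
```

Running the script prints six stanzas for the four constructed peers. The classify_flow check is the part worth keeping around operationally: feeding it observed src/dst pairs from a flow log (constructed here, but netflow or conntrack output in practice) shows whether anything is reaching the protected subnet outside the IPsec policy.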

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users