Failover with OSPF and OpenVPN
From ImageStream Router Documentation
Revision as of 23:32, 3 December 2014
In this tech note we will set up link failover between a wireless link and a VPN that takes a different path to the Internet. To do this we will first set up an OpenVPN link between the two routers. Then we will configure Quagga OSPF to distribute a default route and learn the networks at the remote site.
We have two locations. Site A has an existing Internet connection and is the normal default route for Site B. Site B has a microwave link (connected via Ethernet to the router). Site B also has a second, independent Internet connection.
The OpenVPN configuration below is a simple peer-to-peer setup.
Site B OpenVPN configuration
!
interface Tunnel0
 description Tunnel to Site A
 tunnel mode openvpn
 tunnel source 10.10.20.1 1194
 tunnel destination 126.96.36.199 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.1
 ip address 192.168.45.2 255.255.255.252
!
ip route add 188.8.131.52 via 10.10.20.2 dev eth7
This establishes an OpenVPN tunnel to Site A. One thing to note: in this example we want to direct traffic for the Site A router out a specific secondary Internet connection. In this case the secondary Internet connection is connected to Ethernet7 and the secondary router has an IP address of 10.10.20.2. So we add a static host route to the remote Internet IP address that we are using as the tunnel destination. This forces the VPN traffic to use the secondary Internet connection.
Site A OpenVPN configuration
!
interface Tunnel0
 description Tunnel to Site B
 tunnel mode openvpn
 tunnel source 184.108.40.206 1194
 tunnel destination 0.0.0.0 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.2
 ip address 192.168.45.1 255.255.255.252
!
This configuration will listen for incoming VPN requests from Site B. In this example Site B is behind a router that is performing NAT, so we are unable to initiate the VPN from the Site A location.
This finishes the OpenVPN configuration.
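A consistency check for the two Tunnel0 stanzas and the Site B host route described above, as an added example that is not part of the original tech note or ImageStream's tooling. The parser, the function names, the sample addresses and the dummy key are constructed for illustration, and the check assumes both ends must carry the same tunnel key, as the page's two configurations do.

```python
# Constructed sample configs in the page's layout. Addresses are documentation-range
# placeholders and the key is a dummy value, not the one shown on the page.
SITE_B = """
interface Tunnel0
 tunnel source 10.10.20.1 1194
 tunnel destination 198.51.100.10 1194
 tunnel key 00112233445566778899aabbccddeeff
 pointopoint address 192.168.45.1
 ip address 192.168.45.2 255.255.255.252
ip route add 198.51.100.10 via 10.10.20.2 dev eth7
"""
SITE_A = """
interface Tunnel0
 tunnel source 198.51.100.10 1194
 tunnel destination 0.0.0.0 1194
 tunnel key 00112233445566778899aabbccddeeff
 pointopoint address 192.168.45.2
 ip address 192.168.45.1 255.255.255.252
"""
FIELDS = {("tunnel", "source"): "src", ("tunnel", "destination"): "dst",
          ("tunnel", "key"): "key", ("pointopoint", "address"): "peer",
          ("ip", "address"): "local"}

def parse(conf):
    """Collect tunnel fields and static routes {destination: device} from one config."""
    out = {"routes": {}}
    for w in (line.split() for line in conf.splitlines()):
        if tuple(w[:2]) in FIELDS:
            out[FIELDS[tuple(w[:2])]] = w[2:]
        elif w[:3] == ["ip", "route", "add"] and "dev" in w:
            out["routes"][w[3]] = w[w.index("dev") + 1]
    return out

def check(site_b, site_a, backup_dev):
    """Return a list of problems; an empty list means the pair is consistent."""
    b, a = parse(site_b), parse(site_a)
    problems = []
    if b["key"] != a["key"]:
        problems.append("tunnel key differs between sites")
    if (b["local"][0], b["peer"][0]) != (a["peer"][0], a["local"][0]):
        problems.append("tunnel addresses are not mirrored")
    if b["dst"] != a["src"]:
        problems.append("Site B destination does not match Site A source")
    dev = b["routes"].get(b["dst"][0])  # host route that pins the VPN to the backup link
    if dev != backup_dev:
        problems.append("tunnel destination not pinned to %s (got %s)" % (backup_dev, dev))
    return problems

print(check(SITE_B, SITE_A, "eth7"))
```

Without the host route, the tunnel follows the default route over the microwave link and fails together with it, which is the case the last check reports.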