From: josh <do...@gm...> - 2008-02-28 21:30:19
Hi.
So we have a bunch of OpenVPN clients from different locations all
talking back to a single OpenVPN endpoint running on a Sun V65/Solaris
5.10.
The plan is to migrate them to a pair of Sun T1000's also running
Solaris 5.10.
Each client is served up a bunch of unique routes to get back to that
specific location.
What's the best way to utilize two T1000's instead of one (for failover
and capacity reasons, in theory we could have close to 1000 clients
terminating into these OpenVPN endpoints) and still be able to route
appropriately based on which T1000 they are connected to?
We thought about using a VIP on the front end served up via CARP, then
running ripng on the back end for announcing the routes into the Cisco
environment, but I am open to suggestions.
Another option is to just split the clients, pointing half at one T1000
and the other half at another, but then the problem is if you lose one
of them, you have to either assign a secondary IP to the "live" and make
manual route changes.
I know that you can use the "remote-random" feature to alternate between
several VPN servers, but that does not address the issue of determining
from the internal networks which T1000 one would use to get back to the
VPN client. (This is a site-to-site VPN scenario.)
Thanks in advance,
Josh