Robust VPN solution among VPSes
Hello LETers,
Like many of you, I have many VPSes hosted by various providers. My plan is to get a unified VPN among those VPSes.
I thought about configuring this using SoftEther or OpenVPN. But the biggest issue in my thoughts was that if the VPN server (which would be one of the VPSes) goes down, the whole VPN will stop working. Is there a more robust solution for achieving this? Something like a peer-to-peer ad hoc VPN?
Thanks for any advice and tips.
Comments
SoftEther cluster, already documented on their site.
Do you mean like this?
You->VPN1->VPN2->VPN3->VPN4->VPN5->VPN6->VPN7->VPN8->Internet
If so, maybe have a script on each VPS that pings the VPS it connects to (or checks if the VPN port is up) and if it fails it skips it.
Some quick code to illustrate my idea (run on VPN1):
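    #!/bin/bash
    # Failover check for VPN1: if vpn2 stops answering, swap in the backup config.
    # mkdir is atomic, so the directory acts as a lock against overlapping runs.
    if /bin/mkdir /var/lock/vpnping; then
        # Release the lock on every exit path, including the failover branch.
        trap '/bin/rm -rf /var/lock/vpnping' EXIT
        if ! ping -c2 vpn2 > /dev/null 2>&1; then
            # vpn2 is unreachable: swap the two configuration file sets.
            mv /path/to/vpnconfig /path/to/vpnconfig1.BAK
            mv /path/to/vpnconfig2.BAK /path/to/vpnconfig
            # <command to connect to VPN using configs>
            exit 1
        fi
        exit 0
    else
        /bin/echo "Lock failed - exit" >&2
        exit 1
    fi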
Actual code will be different depending on the VPN protocol you use; this is just an example to give you an idea.
Basically you'd have 2 VPN configuration file sets, one that will connect VPN1 to VPN2 and one that will connect VPN1 to VPN3. If VPN1 can't reach VPN2, it will swap the configuration file sets and then connect to the VPN in the configuration files.
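The same idea extended from two configuration sets to an ordered list of upstreams, as an added example that is not part of the original thread. The host names, the `/etc/vpn-failover` layout and the `active.conf` symlink are assumptions; the connect command stays a placeholder, as in the comment above.

```bash
#!/bin/bash
# Added example: all host names and paths below are hypothetical.
CONF_DIR="${CONF_DIR:-/etc/vpn-failover}"  # assumed layout: $CONF_DIR/<peer>.conf
PEERS="${PEERS:-vpn2 vpn3 vpn4}"           # upstreams in order of preference
LOCK_DIR="${LOCK_DIR:-/var/lock/vpnping}"

# Reachability probe; swap in a check of the VPN port if ICMP is filtered.
probe() { ping -c2 "$1" > /dev/null 2>&1; }

# Print the first peer that answers the probe; return 1 if none does.
pick_peer() {
    for p in $PEERS; do
        if probe "$p"; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# Point $CONF_DIR/active.conf at <peer>.conf. Prints "changed" when the link
# moved (the caller should reconnect) and "unchanged" when it already matched.
activate() {
    target="$1.conf"; link="$CONF_DIR/active.conf"
    [ -f "$CONF_DIR/$target" ] || return 2
    if [ "$(readlink "$link" 2>/dev/null)" = "$target" ]; then
        echo unchanged; return 0
    fi
    # Create the new link under a temporary name, then rename it over the old
    # one, so a reader never sees a missing or half-written config.
    ln -s "$target" "$link.tmp.$$" && mv -f "$link.tmp.$$" "$link" && echo changed
}

# One pass, meant to be run from cron: lock, choose, relink, reconnect.
failover_once() {
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "Lock failed - exit" >&2; return 1; }
    rc=0
    if peer=$(pick_peer) && state=$(activate "$peer"); then
        if [ "$state" = changed ]; then
            echo "switching upstream to $peer" >&2
            # <command to connect to VPN using $CONF_DIR/active.conf>
        fi
    else
        echo "no usable upstream" >&2; rc=1
    fi
    rmdir "$LOCK_DIR"   # release the lock on every path
    return $rc
}

if [ "${1:-}" = run ]; then failover_once; fi
```

Invoked with the argument `run`, the script performs one pass; because the preference order is re-evaluated each time, it also moves back to vpn2 once that host answers again.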
I think Tinc VPN is what you're after. It's a mesh-based VPN; it also takes the shortest route between each node and isn't centralised.
There's auto reconnect. I do tend to restart my SoftEther server from time to time and my other connected machines do reconnect seconds after.
Thank you all for your suggestions.
Tinc VPN came out as the ideal solution for me.