tinc with ha firewall

mlist mlist at apsystems.it
Fri Jan 22 10:12:03 CET 2016


Hi, I have an HA firewall configuration (keepalived) at one site. Each firewall has its own IP and a Virtual IP (VIP) that keepalived activates on one of the firewalls (active/passive HA configuration).
I think I can set up both firewalls with the same configuration, generating the key pair on one firewall and copying it to the second, so that the remote host always sees either firewall as the same one:

The remote host always sees:

- Same IP (active firewall VIP)
- Uses only one public key (the private key is the same on both firewalls)
- We can rsync all /etc/tinc content between the two firewalls
- We can start/stop tinc on the active/passive firewall with the keepalived failover script

We have not tested this mechanism yet; we'll do that as soon as possible.
Can this configuration work?
Does tinc have a specific HA scenario configuration or a best practice?

Thank you
Best Regards

Roberto
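
A sketch of the keepalived failover script mentioned in the post, as an added example that is not part of the original message or of tinc's documentation. It assumes a netname of `vpn`, tinc 1.0 command syntax and its default `rsa_key.priv` key file name, and it refuses to start tinc if the copied private key is readable by group or others.

```shell
#!/bin/sh
# keepalived notify script (added example): run tincd only on the node holding the VIP.
# keepalived invokes a "notify" script as: <script> <GROUP|INSTANCE> <name> <state>
# Assumed, not from the post: netname "vpn"; tinc 1.0 key file name rsa_key.priv.
NETNAME="${NETNAME:-vpn}"
CONFDIR="${CONFDIR:-/etc/tinc/$NETNAME}"
RUN="${RUN:-}"   # set RUN=echo for a dry run

# Map a keepalived state to the tinc action for an active/passive pair.
tinc_action_for_state() {
    case "$1" in
        MASTER)            echo start ;;
        BACKUP|FAULT|STOP) echo stop ;;
        *)                 echo ignore ;;
    esac
}

# The private key is the sensitive file in the rsync'd tree: succeed only if
# it exists and has no group/other permission bits (e.g. mode 600).
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

apply_state() {
    case "$(tinc_action_for_state "$1")" in
        start)
            if ! key_perms_ok "$CONFDIR/rsa_key.priv"; then
                echo "not starting tinc: private key missing or too permissive" >&2
                return 1
            fi
            $RUN tincd -n "$NETNAME" ;;
        stop)
            # tinc 1.0: -k stops the running daemon; ignore "not running" on the passive node
            $RUN tincd -n "$NETNAME" -k || true ;;
    esac
}

# Act only when called by keepalived with its three arguments.
if [ "$#" -ge 3 ]; then
    apply_state "$3"
fi
```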
