tinc to create VPN between cluster nodes (at different datacenters) for High Availability

Guus Sliepen guus at tinc-vpn.org
Wed May 10 19:54:59 CEST 2017


On Tue, May 09, 2017 at 06:24:55PM -0500, John Griessen wrote:

> I've not really dug into testing tinc yet, but if you all will humor me in an uneducated blast of questions,
> I'd appreciate it.
> 
> What can you do to keep tinc going if your high availability comes from cluster nodes being dispensable?
> Can tinc run on the cluster nodes?
> That seems like a chicken/egg problem though to get tinc server installed and cluster nodes brought up...
> If tinc needs to be providing gateways separately from the cluster nodes, how do you make tinc highly available?
> Install tinc on more than one simple VPS node?
> Would this scenario always require your hosting provider to offer a kind of private network?

There are two ways to do high-availability with tinc. Assuming you want
to have multiple distinct "exit nodes" on the VPN (that provide a
default gateway for other nodes), then just assign Subnet = 0.0.0.0/0 to
each of the exit nodes. The other nodes will then choose one of those
that is online. So if they are using one that goes offline, they will
switch to another one.

The other way is to set up the exit nodes identically (same Name, same
public/private key), but as I already mentioned in the response to
Bright Zao's question, only one of them should ever be up at the same
time. Depending on your setup, you might be able to use an external
high-availability solution to ensure that. The other nodes then just see
one exit node, but you specify multiple Address statements for it (one
for each physical exit node). Tinc will try each address in turn until
it finds a working one. If the node it's connected to goes down, it will
try another address to reconnect.

So yes, it can be done by just running tinc on your cluster nodes.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
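
The two layouts described in the message above, written out as tinc host files. This is an added illustration and not part of the original post: the netname `myvpn`, the node names `exit1`, `exit2` and `exit`, and the addresses (documentation ranges) are placeholders, and reusing `Subnet = 0.0.0.0/0` in the second layout is an assumption carried over from the first.

```conf
# Added example; every name and address below is a placeholder.

# --- Option 1: distinct exit nodes, each announcing the default route ---
# Other nodes pick whichever of these is online.

# /etc/tinc/myvpn/hosts/exit1
Address = 192.0.2.10
Subnet = 0.0.0.0/0
# (exit1's own public key follows here)

# /etc/tinc/myvpn/hosts/exit2
Address = 198.51.100.20
Subnet = 0.0.0.0/0
# (exit2's own public key follows here)

# --- Option 2: one logical exit node on two physical machines ---
# Both machines carry the same Name and the same key pair, so the
# private key exists in two places and only one tincd may be up at a time.

# /etc/tinc/myvpn/tinc.conf on BOTH physical exit machines
Name = exit

# /etc/tinc/myvpn/hosts/exit, as distributed to the other nodes
# One Address line per physical machine; tinc tries them in turn.
Address = 192.0.2.10
Address = 198.51.100.20
Subnet = 0.0.0.0/0
# (the single shared public key follows here)
```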