[sc:internet-category ]I setup OpenVPN clustering a while ago (ok more than a while) and it’s been working pretty well. I have noticed though that when I did a failover I wouldn’t be able to connect to the secondary node sometimes. Which kind of defeated the purpose of the clustering 🙁
Of course I don’t fail over very often, but I had a BSOD on my VM host server a few weeks ago which forced the failover to happen and I noticed it as I was out-of-town for a few days. I tracked the problem down to how OpenVPN (or more precisely UCARP) handles the failover.
When the primary node goes down, UCARP transfers the IP address to the secondary node. However my switch/router doesn’t see the change right away as it’s ARP cache still thinks the IP address is associated with the MAC address of the primary node. If you wait long enough, the router/switch expires the ARP cache and things work again, but that’s kind of annoying when you really need something remotely.
Doing a bit of searching around I found arping, which does an ARP level ping to a device. Adding a quick call to arping in the activation script (/etc/local/openvpn_as/scripts/) seems to have cleared up the problem.