How to scale OpenVPN when client-to-client is a must?

roee klinger

1/2/23, 7:44 PM

I am trying to create an OpenVPN server cluster that can autoscale, I have found a lot of information online on how to create such a network.

As far as I understand, you basically use a round-robin DNS, and few OpenVPN servers, the clients simply connect to the DNS and are assigned one of the OpenVPN servers to connect to.

However, my setup requires that all clients will be visible to each other, so I am using the client-to-client configuration. If each of the clients will be assigned a random OpenVPN server, they will not be able to communicate with each other, only clients that happened to be on the same exact server will be able to communicate.

How do I scale an OpenVPN cluster that needs client-to-client communication on all clients?

102

1 + 0

networking

performance

openvpn

Score:3

Server

Zoredache

1/3/23, 12:16 AM

Have some name resolution, or name registration system so that clients on all VPN servers register their name and IP they get assigned, so they can resolve and connect to each other by IP.

Then just make sure you setup routing properly and don't use any NAT on the VPN servers. So if you have 192.168.100.0/24 on VPN, and 192.168.101.0/24, setup IP routing so those two subnets can reach each other.

This would mostly just be a standard site-to-site VPN routing setup which also requires proper routing setup. Just have multiple servers set up.

0 + 2

roee klinger

1/3/23, 7:12 AM

The first part I understand and have already set up, on the second part I am a bit confused. Let’s say I have 2 servers (192.168.101.1, 192.168.102.1) and each has 2 clients (192.168.101.2 + 191.168.101.3 and 192.168.102.2 + 192.168.102.3), now I want 192.168.101.2 to be able to talk to 192.168.102.3 for example, how would I start working on that?

Zoredache

1/3/23, 8:38 AM

Are you using TAP (bridging)? The addresses you showed me suggests you are? Bridging generally sucks, avoid that. Use tun (routed) VPNs, then it is just standard IP routing. Create routes on each device for networks on the other.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to scale OpenVPN when client-to-client is a must?

TH: จะปรับขนาด OpenVPN ได้อย่างไรเมื่อต้องมีไคลเอนต์ต่อไคลเอนต์

RO: Cum să scalați OpenVPN atunci când client-la-client este o necesitate?

RU: Как масштабировать OpenVPN, когда необходимо взаимодействие «клиент-клиент»?

VI: Làm cách nào để mở rộng quy mô OpenVPN khi bắt buộc phải có máy khách?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.