tag:blogger.com,1999:blog-9238405.post7311029219198682753..comments2024-03-18T02:04:50.380-07:00Comments on Agile Testing: Accessing the data center from the cloud with OpenVPNGrig Gheorghiuhttp://www.blogger.com/profile/17863511617654196370noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-9238405.post-80852961071748768562012-02-11T06:59:10.511-08:002012-02-11T06:59:10.511-08:00I don't know how others have done it but thoug...I don't know how others have done it but thought I'd leave my thoughts here seeing as I've been using this style set-up in production From Ec2 to Datacenter for about 6 months now. Each server in EC2 we run has openVPN client automatically configured and running, when its started it connects up to the openVPN server and everything has been working great. The more routes/IPs available at the OpenVPN server end the better just for protection of failing links into your datacenter really.<br /><br />The connection has been really reliable for each server and not really had any problems with the set-up at all (of which its a critical part of our application). One thing I'll add is the following that should be added to your configs...<br /><br />Server Side<br />keepalive 2 6 #This is so that the client side if connection failure does occur, should work out the connection has failed sooner than usual and then start recovery and try re-connecting. I found these values to work pretty well much lower and I noticed traffic speed through the tunnel was badly impacted.<br /><br />Client Side<br />connect-retry 1 #This is again for speed of re-negotiating connections on VPN failure. Though i can say this happens pretty much never and is more helpful when restarting the OpenVPN server so that clients re-connect quickly.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9238405.post-34783286644257452982011-11-11T09:36:15.314-08:002011-11-11T09:36:15.314-08:00Hi Anubhav - haven't implemented it yet in pro...Hi Anubhav - haven't implemented it yet in prod...sorry.Grig Gheorghiuhttps://www.blogger.com/profile/17863511617654196370noreply@blogger.comtag:blogger.com,1999:blog-9238405.post-68717072421264112152011-11-11T03:34:29.335-08:002011-11-11T03:34:29.335-08:00Is there any update of this being used in producti...Is there any update of this being used in production? Really appreciate your effort. Thanks mate!Anubhavnoreply@blogger.comtag:blogger.com,1999:blog-9238405.post-32386892099564985352011-09-14T14:42:09.513-07:002011-09-14T14:42:09.513-07:00Chris -- unfortunately I don't have any follow...Chris -- unfortunately I don't have any follow-up comments. I haven't put this in production yet.<br /><br />GrigGrig Gheorghiuhttps://www.blogger.com/profile/17863511617654196370noreply@blogger.comtag:blogger.com,1999:blog-9238405.post-41325808095663215552011-09-14T14:38:17.637-07:002011-09-14T14:38:17.637-07:00This is a very important blog post for setting up ...This is a very important blog post for setting up multi-region cloud services, such as MongoDB Replica Sets where a secure and encrypted connection is needed between servers in different data centers.<br /><br />Do you have any follow-up comments or changes that you can share since posting this?Chris F.noreply@blogger.comtag:blogger.com,1999:blog-9238405.post-24984970048393003992011-08-25T07:38:05.338-07:002011-08-25T07:38:05.338-07:00I'll try this out this weekend. An office mat...I'll try this out this weekend. An office mate has been playing around with OpenVPN but I've never given it the attention it should.<br /><br />I'm using Ubuntu 10.10. Do you think the process will work the same? My office mate said no.Amelia @ IT Managementhttp://www.invgate.comnoreply@blogger.com