This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

howto setup OpenVPN behind load balancer ?

Posted on 03-22-2022 01:26 PM
BigGExpress
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello.

I think this question is simple enough, & is captured in my subject.

Please let me know what further info would help.

I have this setup, but it is not working.

I am unable to reach the OpenVPN instance through the [tcp] load balancer.

Thanks for any guidance.

 

1 7 1,623
Topic Labels
7 REPLIES 7

Posted on --/--/---- --:-- AM
Clouds
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Security protocols for Virtual Tunnels! or External protocol forwarding, PPTP with Layer 2 forwarding. Although it is not entirely secure, it is paired with the standards IPSec end-to-end encryption between clients and servers?

0 Likes

Posted on --/--/---- --:-- AM
BigGExpress
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@Clouds  I do not understand this reply at all.

Perhaps it was mistakenly applied to my question?

0 Likes

Posted on --/--/---- --:-- AM
BigGExpress
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

bump.

 

Any comments?

Should this work?

Should it not work?

 

This works "out of the box" on AWS ...

0 Likes

Posted on --/--/---- --:-- AM
Simrandeep
Staff
Reply posted on --/--/---- --:-- AM

Hello,

You should be able to configure the OpenVPN server instance behind a TCP Load Balancer. You might need to confirm if your use case might require special requirement of configuration as if you want TCP LB or UDP LB. You could follow the documentation[1] to configure the Load balancer and your backend application.

[1] https://cloud.google.com/load-balancing/docs/network

 

0 Likes

Posted on --/--/---- --:-- AM
BigGExpress
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello. Thanks for the reply.

In this case, I need it on UDP (1194) ...

0 Likes

Posted on --/--/---- --:-- AM
BigGExpress
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

bump.

You can try this yourself in ~10 minutes.

I have many functioning GCP NLBs.  I have many functioning OpenVPN servers.

There appears to be an issue combining these two ...

0 Likes

Posted on --/--/---- --:-- AM
GCPJoe
Bronze 1
Bronze 1
In response to BigGExpress
Reply posted on --/--/---- --:-- AM

This is an old post but I thought I'd add my findings. In the past I had avoided using a LB with OpenVPN because I knew there would be issues and shortcomings.  I don't know if you ever found a solution, if you have I'd love to hear it.  

UDP just isn't compatible with passthrough network load balancers. As I understand it UDP is stateless and there will be a loss of source IP address by OpenVPN's kernel and so establishing a connection doesn't seem feasible.  However, OpenVPN works with TCP and UDP so if the vpn client supports TCP as openvpn connect does it should work.  

There are work arounds for supporting UDP on the server side.  I would read through this article to get a better understanding.

https://cloud.google.com/load-balancing/docs/network/udp-with-network-load-balancing

0 Likes
Top Labels in this Space
Top Solution Authors
View all