similar to: tinc with ha firewall

Hi Saverio, I found conflict: 172.16.1.10 00:50:56:1b:ba:5e VMware, Inc. 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 2) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 3) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 4) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 5) So my assumptions were wrong ! :D Probably Virtual

This is what I want to avoid :D I want an active Tinc virtual interface active with ip identical of the other firewall, without ip conflict on the same network. Do you know if Tun type virtual interface on one host can have same ip address of another host in the same network without ip conflict ? ie if a tun virtual interface can work active without transmitting on real network ? or if such a

This is a vpn for Disater Recovery sites, so it is not necessary to have a seamless failover, strictly speaking. Encryption instead is mandatory. Testing we found that on Keepalived failover remote Tinc take few seconds to reset the connection and correctly re-connect to the new active firewall (probably new firewall resetting the connection + PingTimeout + some seconds to reconnect). This is

Hi, I have HA firewalls configuration (keepalived) on one site. Each firewall has its own IP and a Virtual IP (VIP) that keepalived activate on one of the firewall (active/passive HA configuration). I think I can set all two firewalls with same configuration, generating key pairs on one firewall and copying that to the second, so the remote host can see always one of the other firewall as the

I think it should work at least for TUN virtual interface as TUn works at IP level. This is a sample configuration. firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - "Physical Network Interface" - system config as ifcfg-... 172.16.1.10/19 (VIP Keepalived Make active) - Active/Passive configuration with firewall2 firewall1 vpndr1

I tested a little more... tincd does not create virtual interface device correctly on CentOS 7, I don't know where tincd stop, probably on " System call `getaddrinfo' failed: Name or service not known" I sent you before. Keepalived return that error I shown on every ip command but this is not a problem now, I'll see this as soon as possible. If I execute these commands tun

Executing: ip tuntap add vpndrif mode tun return Keepalived errors show when tincd start: Jan 22 23:41:19 Keepalived_vrrp[1999]: Netlink: filter function error Jan 22 23:41:19 Keepalived_healthcheckers[1998]: Netlink: filter function error Jan 22 23:41:19 systemd-sysctl[23246]: Overwriting earlier assignment of kernel/shmmax in file '/etc/sysctl.d/99-sysctl.conf'. Jan 22 23:41:19

No parameters using DNS. - tinc.conf content Name = sito1 AddressFamily = ipv4 BindToAddress = <IPPUB>:665 BindToInterface = int Device=/dev/net/tun Interface = vpndrif Mode = router PingInterval = 60 PingTimeout = 5 ProcessPriority = normal - host/sito1 content Address = <IPPUB>:665 Subnet = <IPLOCAL>/<NETMASK> Port = 655 -----BEGIN RSA PUBLIC KEY----- ... -----END

I have 2 firewall in HA with keepalived. Can I use active the same tinc configuration on 2 firewalls ? using tun Interface with same ip on all 2 nodes is a problem ? tun device advertise itself on the network having an IP/MAC pairs (ARP) or the IP is only used by the system internally for routing so using the same configuration is right ? so one firewall be active, the other is passive. With this

Hi I have two server directors in ring and 5 dovecot servers (2.2.36) IP for IMAP and POP3 is a VIP (keepalived) What is the best solutions to get realy HA for 5 dovecot servers ? Maby corosync+pacemeker ? But this solution is too problematic and hardcore Why I need HA ? Doveadmin is too lazy and doveadm director does not know that one machine broke down and still sends traffic

On 02/25/2018 08:29 PM, TomK wrote: > Hey Guy's, > > A success story instead of a question. > > With your help, managed to get the HA component working with HAPROXY and > keepalived to build a fairly resilient NFS v4 VM cluster.? ( Used > Gluster, NFS Ganesha v2.60, HAPROXY, keepalived w/ selinux enabled ) > > If someone needs or it could help your work, please PM

Hi System debian 8.11 and dovecot-2.2.36.4 My webmail is roundcube with imapproxy. I have one problem. My dovecot servers is are in a cluster with keepalived like: dovecot1----VIP-IP--------dovecot2 All works fine I have a problem with imapproxy when a server dovecot1 had a problem (kernel panic sic!) Keepalived works perfecty and moved VIP to dovecot2 - all works fine for normal users but

Hey Guy's, A success story instead of a question. With your help, managed to get the HA component working with HAPROXY and keepalived to build a fairly resilient NFS v4 VM cluster. ( Used Gluster, NFS Ganesha v2.60, HAPROXY, keepalived w/ selinux enabled ) If someone needs or it could help your work, please PM me for the written up post or I could just post here if the lists allow it.

I would like to see the steps for reference, can you provide a link or just post them on mail list? On Mon, Feb 26, 2018 at 4:29 AM, TomK <tomkcpr at mdevsys.com> wrote: > Hey Guy's, > > A success story instead of a question. > > With your help, managed to get the HA component working with HAPROXY and > keepalived to build a fairly resilient NFS v4 VM cluster. ( Used

has anyone expereience with setting this up or better yet documented this procedure?? I have gotten samba to talk to my ldap 2.0x server but it will not allow me to use the net command to modify group mappings. I am including a dump of my samba log at debug level 10 when I issue these commands and the general section of my smb.conf file. --- commands issued [root@bast samba]# bin/net

> On 08/04/2020 16:11 Maciej Milaszewski <maciej.milaszewski at iq.pl> wrote: > > > Hi > System debian 8.11 and dovecot-2.2.36.4 My webmail is roundcube with > imapproxy. > > I have one problem. > > My dovecot servers is are in a cluster with keepalived like: > > dovecot1----VIP-IP--------dovecot2 > > All works fine > > I have a problem

Prior to upgrading to CentOS 7.4 everything was fine, after upgrade I'm seeing /etc/keepalived# keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console --log-detail --dump-conf -m -v Starting VRRP child process, pid=17224 Registering Kernel netlink reflector Registering Kernel netlink command channel Registering gratuitous ARP shared channel Opening file

When I try to logon to my windows XP box I get the following error message from windows: Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security.

I am having problems with putting users into LDAP I am getting a message about 'parent does not exist'. Does anyone know what this means?? --- Debug Level 10 output of 'smbpasswd -a -m jeff-w$' --- [root@bast samba]# bin/smbpasswd -a -m jeff-w$ -D 10 Netbios name list:- my_netbios_names[0]="BAST" Trying to load: ldapsam:ldap://bast.picotech.net/ Attempting to register

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I