Multiple WAN failover
-
- Posts: 5
- Joined: Wed Nov 14, 2018 7:11 pm
Multiple WAN failover
I have a SoftEther VPN Server running on a Windows Server 2016 machine.
Only clients connect, there is no site-site.
If WAN1 fails on the router it automatically switches to WAN2. So we have internet. However clients don't seem to be able to connect while WAN2 is active. I was only able to try for about 5 minutes. Ports are forwarded for both WANs.
Should this work? Anyone have any ideas?
Only clients connect, there is no site-site.
If WAN1 fails on the router it automatically switches to WAN2. So we have internet. However clients don't seem to be able to connect while WAN2 is active. I was only able to try for about 5 minutes. Ports are forwarded for both WANs.
Should this work? Anyone have any ideas?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Multiple WAN failover
Did you change the hostname of destination VPN server?
-
- Posts: 5
- Joined: Wed Nov 14, 2018 7:11 pm
Re: Multiple WAN failover
I have not changed anything. What does softether when internet IP changes, in this case router switches to WAN2.
-
- Posts: 329
- Joined: Wed Sep 18, 2013 1:49 pm
Re: Multiple WAN failover
@Milan187
How are your clients finding your Softether VPN server originally, prior to the WAN 2 failover?
Are they using a static IP or a Hostname?
How are your clients finding your Softether VPN server originally, prior to the WAN 2 failover?
Are they using a static IP or a Hostname?
-
- Posts: 5
- Joined: Wed Nov 14, 2018 7:11 pm
Re: Multiple WAN failover
Just hostname xxxx.softether.net
-
- Posts: 329
- Joined: Wed Sep 18, 2013 1:49 pm
Re: Multiple WAN failover
Just to verify. Your softether VPN server is at the location where the router Wan-1 & Wan-2 failover takes place and It uses the softether built in "Dynamic DNS function" to update/associates your WAN IP address with the VPNXXXXX.softether.net hostname. Which the clients use to connect.
If So, Then when the failover occurs your VPNXXXXX.softether.net hostname (which all the clients are using to find the VPN server) is still associated globally with the original WAN-1 IP address i.e.( 11.22.33.44). But of course nothing connects because WAN-1 is offline and the SoftEther VPN server is NOW listening on the failover WAN-2 IP address i.e.(55.66.77.88).
If the WAN-2 connections stays up long enough for the built in "Dynamic DNS function" to update VPNXXXXX.softether.net to the new WAN-2 IP address (55.66.77.88) the clients would then have access using the VPNXXXXX.softether.net hostname. As long as all ports are forwarded like you said. However I'm not sure how often the updates happen. Most likely ever 10-15 minutes. Also if your setup falls back to the preferred WAN-1 when its back online then it's the same scenario in reverse.
If So, Then when the failover occurs your VPNXXXXX.softether.net hostname (which all the clients are using to find the VPN server) is still associated globally with the original WAN-1 IP address i.e.( 11.22.33.44). But of course nothing connects because WAN-1 is offline and the SoftEther VPN server is NOW listening on the failover WAN-2 IP address i.e.(55.66.77.88).
If the WAN-2 connections stays up long enough for the built in "Dynamic DNS function" to update VPNXXXXX.softether.net to the new WAN-2 IP address (55.66.77.88) the clients would then have access using the VPNXXXXX.softether.net hostname. As long as all ports are forwarded like you said. However I'm not sure how often the updates happen. Most likely ever 10-15 minutes. Also if your setup falls back to the preferred WAN-1 when its back online then it's the same scenario in reverse.
-
- Posts: 5
- Joined: Wed Nov 14, 2018 7:11 pm
Re: Multiple WAN failover
Yes your assumption is correct. One router both at same location as vpn server.
Thanks for the explanation, it's probably the case. I only waited about 5 minutes after I killed WAN1. Probably takes longer. I'll try again.
Thanks.
Thanks for the explanation, it's probably the case. I only waited about 5 minutes after I killed WAN1. Probably takes longer. I'll try again.
Thanks.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Multiple WAN failover
How did you prevent WAN2 take over the DDNS name in normal situation?
-
- Posts: 5
- Joined: Wed Nov 14, 2018 7:11 pm
Re: Multiple WAN failover
WAN2 is set to fall-back only, so it's only activated by router if WAN1 fails.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Multiple WAN failover
Could you try to restart the VPN server service when the failover is detected?