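While using OpenVPN recently, I found that it did not work particularly well together with keepalived, so I opened an issue to ask the community. It turns out that when the OpenVPN server has multiple IP addresses, multihome needs to be enabled.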
- --multihome
- Configure a multi-homed UDP server. This option needs to be used when a server has more than one IP address (e.g. multiple interfaces, or secondary IP addresses), and is not using --local to force binding to one specific address only. This option will add some extra lookups to the packet path to ensure that the UDP reply packets are always sent from the address that the client is talking to. This is not supported on all platforms, and it adds more processing, so it's not enabled by default.
Notes:
- This option is only relevant for UDP servers.
- If you do an IPv6+IPv4 dual-stack bind on a Linux machine with multiple IPv4 addresses, connections to IPv4 addresses will not work right on kernels before 3.15, due to missing kernel support for the IPv4-mapped case (some distributions have ported this to earlier kernel versions, though).
Configuration reference: openvpn.net/community-r…