What are the guidelines for using QVPN Service when my QNAP device is in HA mode?
Last modified date:
2025-03-12
Applicable Products
QVPN Service
Details
If you are using QVPN Service on a QNAP device with High Availability (HA) enabled, consider the following to ensure a stable and functional VPN environment:
VPN server limitations in HA mode
- Unsupported VPN protocols: PPTP and L2TP/IPSec (PSK) are not available as VPN server options in HA mode. Use QBelt, OpenVPN, or WireGuard instead. QBelt, QNAP's proprietary VPN protocol, is recommended for better integration with QNAP systems.
- Client-side adjustments: Before enabling HA, manually configure all VPN clients to use a supported protocol to prevent connection issues.
Connection requirements for HA
- Use cluster IP (CIP): Always use the cluster IP instead of the node IP (NIP) when connecting to the VPN. The CIP remains consistent regardless of which NAS is active, ensuring uninterrupted access even during an HA failover or switchover.
- DNS and routing considerations: If your VPN clients rely on a specific DNS configuration, ensure that DNS resolution points to the CIP to prevent connectivity disruptions.
Handling OpenVPN client reconnection
If you are using OpenVPN Connect on your device to connect to QVPN Service on the QNAP device, the connection will not automatically restore after an HA failover or switchover. If a failover or switchover occurs, you must manually reconnect to regain VPN access.
OpenVPN connections are stateful, meaning they maintain an active session with the server. However, HA failover or switchover does not transfer session states between nodes, requiring a manual reconnection.
For further assistance with VPN configuration in an HA environment, contact QNAP Customer Service.
