Realm Host V2 Ha Tunnel — //free\\

The Logic Flow:

to ensure the original server name indication is maintained during the connection process. Connect & Log

Authentication & Security

• Mutual TLS (mTLS) between agent and gateway for strong authentication.
• Short-lived certificates or tokens rotated by the control plane.
• Role-based access controls to restrict which services an agent can reach.
• End-to-end encryption (TLS) for payload; consider additional link-level encryption if required.
• Audit logging of tunnel creation, auth events, and configuration changes.

Preserve SNI Pairing: When used alongside Preserve SNI, it ensures the spoofed host remains consistent throughout the handshake process, increasing the success rate of the connection on strict firewalls. 📋 How to Configure Realm Host v2 To use this feature for custom setups in HA Tunnel Plus:

Step 3: Testing the HA Tunnel

1. Start Realm Host V2 on the client: realm -c /etc/realm/config.toml
2. Run the watchdog script.
3. Simulate failure: Stop Realm on ha-node-01.
4. Observe: Within 5-10 seconds, traffic seamlessly shifts to ha-node-02 with zero reset of established TCP connections if using connection tracking.

Input your working SNI host (e.g., a host specific to your country or ISP). Toggle Realm Host: Look for the checkbox labeled "Use Realm Host (v2)" and ensure it is checked. Optional - Preserve SNI: Many experts recommend also checking "Preserve SNI" alongside Realm Host v2 for maximum compatibility. Why You Should Use It The primary benefit of the v2 update is versatility