CARP & OpenVPN
-
Hi all,
Is there a way to configure an OpenVPN server with a CARP VIP failover solution?
I'm using pfSense 1.2RC4.
Best regards
JMB
-
Up ??? ???
-
nobody ??? :'( :'(
-
No. OpenVPN state would not be sync'd to the other CARP members.
-
OK, thanks for that.
So using the remote-random option on the client side will do the job for the moment.
Regards
-
Hi jmbo,
I'm setting up a solution with CARP and OpenVPN.
Some interesting things happen.
In my setup:
pfSense A - WAN is 199.a.b.52, it's the CARP master
pfSense B - WAN is 199.a.b.53
VIP WAN is 199.a.b.2
I am using port 1194 TCP on OpenVPN,
and a road-warrior client
calling address 199.a.b.2 connects with success
calling address 199.a.b.52 connects with success
calling address 199.a.b.53 gets no connection
and the client log shows this:
Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ [22] from 199.a.b.53:1194: P_ACK_V1 kid=0 [ 30 ] pid=32 DATA len=90
Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
Sat Feb 09 12:47:02 2008 us=468000 TCP/UDP: Closing socket
Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting
Any idea?
Can we test our configs to find a solution?
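
The AUTH_FAILED line in the client log above carries no server address, so with a VIP or several remotes it has to be tied back to the peer named in the preceding READ line. This is an added example, not part of the original post: a Python sketch that does that attribution over a sample log constructed in the same format (documentation-range addresses; the function names are hypothetical).

```python
import re
from collections import Counter

# Constructed sample in the format of the client log quoted above; the
# addresses are documentation-range placeholders, not the poster's hosts.
SAMPLE_LOG = """\
Sat Feb 09 12:46:40 2008 us=120000 TCPv4_CLIENT READ [22] from 192.0.2.52:1194: P_ACK_V1 kid=0 [ 30 ] pid=32 DATA len=90
Sat Feb 09 12:46:41 2008 us=300000 Initialization Sequence Completed
Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ [22] from 192.0.2.53:1194: P_ACK_V1 kid=0 [ 30 ] pid=32 DATA len=90
Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
Sat Feb 09 12:47:02 2008 us=468000 TCP/UDP: Closing socket
Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting
"""

# "Sat Feb 09 12:47:02 2008 us=468000 <message>"
LINE = re.compile(r"^(\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) us=\d+ (.*)$")
# Peer as printed in READ lines; [\w.\-]+ also accepts hostnames or masked addresses.
PEER = re.compile(r"\bfrom ([\w.\-]+):(\d+):")

def auth_outcomes(log_text):
    """Return (timestamp, peer, outcome) for each session result in the log.

    AUTH_FAILED is attributed to the last peer seen in a preceding READ line.
    """
    peer, results = None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or foreign line
        stamp, msg = m.groups()
        seen = PEER.search(msg)
        if seen:
            peer = f"{seen.group(1)}:{seen.group(2)}"
        elif "AUTH_FAILED" in msg:
            results.append((stamp, peer, "auth-failed"))
        elif "Initialization Sequence Completed" in msg:
            results.append((stamp, peer, "connected"))
    return results

def failing_peers(log_text):
    """Count auth failures per peer; a node that only ever fails is suspect."""
    return Counter(p for _, p, o in auth_outcomes(log_text) if o == "auth-failed")

if __name__ == "__main__":
    for stamp, peer, outcome in auth_outcomes(SAMPLE_LOG):
        print(f"{stamp}  {peer!s:<21} {outcome}")
```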
-
All working...
I have two boxes configured with CARP... all is working...
The problems with OpenVPN stopped when I deleted everything related to OpenVPN on the master.
Look, my master (first box) was already configured with OpenVPN when I decided to have a CARP solution (second box).
Step by step I did:
- Backed up all data on the OpenVPN config page (Ca.crt, server.key, server.crt, server.dh) and cleaned all fields.
- Deleted the server config on OpenVPN. When all was clean on both boxes, rebooted.
- With the master box off, I did all the OpenVPN config on the slave box, then started the master box and did the config there too. The configs are exactly the same.
On my road-warrior clients I set up a connection to 1194 TCP on the VIP address of the WAN.
Now my clients can connect to the master or the slave box; when the master goes down, connections are dropped and re-established in seconds. When the master returns, connections are dropped and reconnected.
No more errors connecting to the slave when the master was off.