Open VPN on Virtual IP'S
-
Derelict
I have not mentioned a description of what i think.I mentioned stuffs which was tested in our environment. As said earlier,the option under interface in Open VPN servers has been modified from WAN to one of my VIP.Still it is connecting to the primary firewall WAN IP address and fails when firewall fail over happens.
-
you have to select 127.0.0.1 and PORT as interface to bind in OVPN and not WAN or VIP, then you just open the ports you want the client to come on WAN and VIP and route them to 127.0.0.1 PORT.
this is all. -
Hi n3by
Thanks for the reply.I have uploaded my config.Kindly have a look and do suggest me if any.
 -
Missed Open VPN config attachment
 -
it look ok.
test if a vpn client can establish vpn connection on both wan address and after that you can update config clients -
Again it fails when i switch the traffic from primary to secondary firewall.
In the open VPN window, i can see it still points to the primary wan address when sec firewall acts as Master.
-
Hi n3by
Any configuration update required from clients? -
Do you have 2 gateways ?
Maybe traffic still leave from 1 gateway when you test the 2 WAN …for clients update you just have to add this in config file so it can establish connection to any wan adress:
resolv-retry infinite
remote WAN-address1 1195 udp
remote WAN-address2 1195 udp -
Hi
No i have only one gateway. As mentioned by you in one of the previous replies, i made my VIP as the second WAN address in the port forwards. -
Better try to draw a diagram with you hw config maybe I understand something wrong with what you want to achieve…