Netgate Discussion Forum

    Open VPN on Virtual IP'S

    15 Posts 3 Posters 2.4k Views
      sai ravi

      Derelict,
      I have not mentioned a description of what I think. I mentioned stuff which was tested in our environment. As said earlier, the option under interface in Open VPN servers has been modified from WAN to one of my VIPs.

      Still it is connecting to the primary firewall WAN IP address and fails when firewall failover happens.

        n3by

        You have to select 127.0.0.1 and PORT as the interface to bind in OVPN, and not WAN or VIP; then you just open the ports you want the client to come in on, on WAN and VIP, and route them to 127.0.0.1 PORT.
        This is all.

          sai ravi

          Hi n3by,
          Thanks for the reply. I have uploaded my config. Kindly have a look and do suggest if any.

          ![Open VPN Conf- NAT.png](/public/imported_attachments/1/Open VPN Conf- NAT.png)

            sai ravi

            Missed Open VPN config attachment

            ![Open VPN Conf- Interfaces.png](/public/imported_attachments/1/Open VPN Conf- Interfaces.png)

              n3by

              It looks OK.
              Test if a VPN client can establish a VPN connection on both WAN addresses, and after that you can update the clients' config.

                sai ravi

                Again it fails when I switch the traffic from the primary to the secondary firewall.

                In the Open VPN window, I can see it still points to the primary WAN address when the sec firewall acts as Master.

                  sai ravi

                  Hi n3by,
                  Any configuration update required from clients?

                    n3by

                    Do you have 2 gateways?
                    Maybe traffic still leaves from 1 gateway when you test the 2 WAN …

                    For the client update you just have to add this to the config file so it can establish a connection to any WAN address:
                    resolv-retry infinite
                    remote WAN-address1 1195 udp
                    remote WAN-address2 1195 udp

                      sai ravi

                      Hi,
                      No, I have only one gateway. As mentioned by you in one of the previous replies, I made my VIP the second WAN address in the port forwards.

                        n3by

                        Better try to draw a diagram with your hw config; maybe I understand something wrong about what you want to achieve…

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.