Carp. OpenVPN client - permanent connection and disconnection

alexanko

@alexanko
"...There might be some techniques to make failover faster, but that depends on exactly how you have it set up, what kind of OpenVPN connections you're talking about, etc...." - what methods can automate the switching of openVPN client between master and backup

Derelict

I have no idea what you are trying to communicate there. Sorry.

alexanko

Thank you very much

Derelict

@alexanko

How to do auto switch?

Bind the OpenVPN server to the CARP VIP.

alexanko

@Derelict

I have configured carp, and everything works fine when switching (master / backup status) between servers, except for one service - "openVPN CLIENT".
Servise - "openVPN SERVER" - works correctly when rebooting (crashing) servers: "ON status - on master pfsense server and OFF - on backup pfsense server"

Derelict

You need to tell the OpenVPN server to listen on a CARP VIP, not the interface address.

When you do that the server will only run on the node currently holding CARP MASTER.

Same thing with the client. Set the interface to the CARP VIP.

alexanko

@Derelict said in Carp. OpenVPN client - permanent connection and disconnection:

You need to tell the OpenVPN server to listen on a CARP VIP, not the interface address.
When you do that the server will only run on the node currently holding CARP MASTER.
Same thing with the client. Set the interface to the CARP VIP.

"You need to tell the OpenVPN server to listen on a CARP VIP, not the interface address." - It was done. Сonfigured initially
"When you do that the server will only run on the node currently holding CARP MASTER." - Configured initially. The openvpn SERVER is working correctly.
"Same thing with the client. Set the interface to the CARP VIP." - Installed .. service does not work correctly

alexanko

@Derelict
When I bind OVPN Client to CARP VIP interface I see two concurent connections on remote OVPN server from real IPs of my master and backup PFSense

alexanko

@alexanko

Derelict

Did you properly set the CARP VIPs on that gateway group?

alexanko

@Derelict said in Carp. OpenVPN client - permanent connection and disconnection:

Did you properly set the CARP VIPs on that gateway group?

The problem has been resolved.
First, in the settings, OpenVPN / clients / interface installed a group of gateways (consisting of 3 WANs).
When I replaced the WAN gateway group with one of the VIP WANs - carp.failover - service-VPNclient switched correctly ...
thank

Derelict

You can use a gateway group but you have to set up the gateway group using CARP VIPs.

alexanko

@Derelict
Super. Fine. Exactly what is needed !