Netgate Discussion Forum

    openvpn client failover ... fails

    HA/CARP/VIPs
      tiwing
      last edited by tiwing

      Hi, just posted a successful HA setup diagram in another thread (also attached below). It's successful when I have a LAN and GUEST firewall rule that ignores the VPN. But when I have rules for VPN running, the secondary/failover HA box does not make a connection, and after weeks of messing with it I still can't figure out why. Primary works perfectly, always, so I think the RULES are fine. I think. Do any of you have any idea what's going on? Could it be related to resolver settings?

      I have policy routing set up as follows:
      12f8c134-7b43-4f64-a08a-7692a82c3f46-image.png

      LAN Firewall rules set up like this:

      • where alias DEST_VPN_BYPASS is a list of IP addresses that will go to WAN regardless of which device accesses the IP (primarily work VPN IP)
      • where HOST_VPN_BYPASS is a list of internal IPs that will always bypass the VPN for various reasons, including an NGINX reverse proxy that's accessible through a dynamic IP service.

      98db10ec-2eed-4b68-be81-d84d174bd009-image.png

      94d0a0b2-bb6b-4e2c-a329-56e988aa8335-image.png

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.