Netgate Discussion Forum
    OpenVPN client cannot connect to WAN CARP VIP

      m3tatr0n

      Hi All,

      I have a pair of SG-4860 running the latest version of pfSense.
      I have configured CARP on WAN and 2 LANs.
      WAN CARP IP is x.x.x.1 (x.x.x.2 and x.x.x.3 - master and slave respectively).

      I cannot connect to the WAN CARP VIP (x.x.x.1). I can connect, though,
      to either master or slave.

      I modified the interface field on my VPN server (VPN -> OpenVPN -> Server) and changed
      WAN to the x.x.x.1 WAN CARP IP.

      I still cannot connect to the WAN CARP IP. It is also not connecting now to master and slave.
      On the OpenVPN firewall rules there is no way to select WAN CARP VIP as the interface.

      TIA

        m3tatr0n

        I got it connecting to x.x.x.1. In the rule for OpenVPN I had to set the destination from 'WAN address' to 'single host or alias'
        and put x.x.x.1 in the address field.

        Now I have another issue: I cannot connect to any internal LAN boxes except for the LAN IP address of the OpenVPN server.

          viragomann

          Are your LAN boxes set to use pfSense as default gateway?

            m3tatr0n

            Right at this moment, no. The pfSense boxes are new and in the middle of getting tested.
            I do have a test box and I configured its default gateway to be the pfSense, and I can get to it now.

            We have two internet service providers. One is used for the main business (server),
            one for workstations, mainly used for common internet stuff such as downloading
            and web browsing.

            We are currently using OpenVPN running on Debian Linux with iptables as the firewall.
            The OpenVPN on that one was configured to use bridging; I guess that's why it doesn't
            matter if a box or server is using either of the internet service providers as the gateway.
            It is accessible because the IP address of the OpenVPN client is bridged.

            Thanks for the help.

              viragomann

              You can get it to work on a pfSense which isn't your default gateway anyhow, by NATing the VPN client addresses to the pfSense LAN address using outbound NAT, or by adding a static route for the VPN tunnel subnet to your LAN boxes.

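The two fixes in the reply above, modelled as an added example that is not part of the original thread: a LAN host picks the next hop for its reply by longest-prefix match, so the reply only goes back through pfSense if the host has a route for the tunnel subnet or sees the pfSense LAN address as the source. All addresses and names below are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the thread.
LAN_NET = ip.ip_network("192.168.1.0/24")
TUNNEL_NET = ip.ip_network("10.8.0.0/24")     # OpenVPN tunnel subnet
PFSENSE_LAN = ip.ip_address("192.168.1.1")    # pfSense LAN address
OTHER_GW = ip.ip_address("192.168.1.254")     # LAN hosts' current default gateway
VPN_CLIENT = ip.ip_address("10.8.0.6")        # address handed to a VPN client

# Routing table of a LAN host whose default gateway is not pfSense.
# A gateway of None means the destination is on-link.
BASE_ROUTES = [(LAN_NET, None), (ip.ip_network("0.0.0.0/0"), OTHER_GW)]


def next_hop(routes, dst):
    """Longest-prefix match, as the host's IP stack does it."""
    net, gw = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw


def reply_path(routes, outbound_nat=False):
    """Return (source the host sees, next hop of its reply, reply reaches pfSense)."""
    # Outbound NAT on the pfSense LAN interface rewrites the VPN client's
    # source address to the pfSense LAN address before the host sees it.
    seen_src = PFSENSE_LAN if outbound_nat else VPN_CLIENT
    hop = next_hop(routes, seen_src)
    return seen_src, hop, hop == PFSENSE_LAN


def scenarios():
    """The broken starting point and the two fixes from the reply."""
    static = BASE_ROUTES + [(TUNNEL_NET, PFSENSE_LAN)]
    return {
        "no change": reply_path(BASE_ROUTES),
        "static route on host": reply_path(static),
        "outbound NAT on pfSense": reply_path(BASE_ROUTES, outbound_nat=True),
    }


if __name__ == "__main__":
    for name, (src, hop, ok) in scenarios().items():
        print(f"{name:24} host sees {src}, replies via {hop}, "
              f"{'returns through pfSense' if ok else 'leaves via the other gateway'}")
```

With outbound NAT the LAN host sees every VPN session as coming from the pfSense LAN address, so per-client attribution has to come from the pfSense and OpenVPN logs; the static route keeps the client's tunnel address visible on the host.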
                m3tatr0n

                That is good to know. Thank you very much for your help. Really appreciate it.
