4. Open VPN on CARP IP

Open VPN on CARP IP

  • S

    Hi
          I have a Open VPN setup in pfsense. The Open VPN has been configured in such a way that it is working only when the primary firewall is active.So to avail the high availability options i have planned to add the interface IP as VIP instead of firewall's WAN interface ip under Open VPN.

    So do we need to reissue the certificates to end users if we change the interface ip in the Open VPN configuration?

    0

  • You should be able to go into the OpenVPN instance and change the interface to the CARP. No need to touch the clients.

    0
  • LAYER 8 Netgate

    If the clients are configured to connect to the IP address of the interface and not the VIP you will need to:

    Change the server to listen on the VIP
    Probably generate a new server certificate containing the proper IP address as the CN
    Probably re-issue client configurations to connect to the new IP address

    If they are configured to connect to an FQDN just change the A record to the VIP and tell the OpenVPN server to listen on that instead.

    DNS FTW.

    0
  • S

    Many thanks for your replies.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy