Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Open VPN on CARP IP

    OpenVPN
    3
    4
    577
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sai ravi last edited by

      Hi
            I have a Open VPN setup in pfsense. The Open VPN has been configured in such a way that it is working only when the primary firewall is active.So to avail the high availability options i have planned to add the interface IP as VIP instead of firewall's WAN interface ip under Open VPN.

      So do we need to reissue the certificates to end users if we change the interface ip in the Open VPN configuration?

      1 Reply Last reply Reply Quote 0
      • dotdash
        dotdash last edited by

        You should be able to go into the OpenVPN instance and change the interface to the CARP. No need to touch the clients.

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          If the clients are configured to connect to the IP address of the interface and not the VIP you will need to:

          Change the server to listen on the VIP
          Probably generate a new server certificate containing the proper IP address as the CN
          Probably re-issue client configurations to connect to the new IP address

          If they are configured to connect to an FQDN just change the A record to the VIP and tell the OpenVPN server to listen on that instead.

          DNS FTW.

          1 Reply Last reply Reply Quote 0
          • S
            sai ravi last edited by

            Many thanks for your replies.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy