Netgate Discussion Forum

    Open VPN on CARP IP

      sai ravi

      Hi
      I have an Open VPN setup in pfsense. The Open VPN has been configured in such a way that it is working only when the primary firewall is active. So to avail the high availability options I have planned to add the interface IP as VIP instead of the firewall's WAN interface IP under Open VPN.

      So do we need to reissue the certificates to end users if we change the interface ip in the Open VPN configuration?

        dotdash

        You should be able to go into the OpenVPN instance and change the interface to the CARP. No need to touch the clients.

          Derelict LAYER 8 Netgate

          If the clients are configured to connect to the IP address of the interface and not the VIP you will need to:

          Change the server to listen on the VIP
          Probably generate a new server certificate containing the proper IP address as the CN
          Probably re-issue client configurations to connect to the new IP address

          If they are configured to connect to an FQDN just change the A record to the VIP and tell the OpenVPN server to listen on that instead.

          DNS FTW.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

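The check described in the reply above, as an added example that is not part of the original thread: it reads exported client configs and reports, per `remote` line, whether the client must be re-issued (hard-coded interface IP) or only needs the A record repointed (FQDN). The addresses, the hostname and the function names are assumptions made for illustration; `verify-x509-name` is included because a client that pins the server certificate name is also affected by a new server certificate.

```python
import ipaddress

# Constructed sample client configs; addresses are documentation ranges.
OLD_WAN_IP = "198.51.100.2"   # assumed primary firewall WAN address
CARP_VIP = "198.51.100.10"    # assumed CARP virtual IP
IP_CLIENT = """client
dev tun
# remote 203.0.113.9 1194
remote 198.51.100.2 1194 udp
verify-x509-name 198.51.100.2 name
"""
FQDN_CLIENT = """client
dev tun
remote vpn.example.com 1194 udp
"""

def directives(ovpn_text):
    """Yield each directive as a list of tokens, skipping blank and comment lines."""
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line.split()

def same_ip(host, ip):
    """True if host is an IP literal equal to ip; False for hostnames."""
    try:
        return ipaddress.ip_address(host) == ipaddress.ip_address(ip)
    except ValueError:
        return False

def review(ovpn_text, old_ip, vip):
    """Say what each 'remote' needs once the server listens on the VIP."""
    remotes, pinned_old = [], False
    for tok in directives(ovpn_text):
        if tok[0] == "remote" and len(tok) > 1:
            host = tok[1]
            if same_ip(host, vip):
                action = "ok"            # already targets the VIP
            elif same_ip(host, old_ip):
                action = "reissue"       # hard-coded interface IP
            elif same_ip(host, host):
                action = "check"         # some other IP literal
            else:
                action = "update-dns"    # FQDN: repoint the A record
            remotes.append((host, action))
        elif tok[0] == "verify-x509-name" and len(tok) > 1:
            # Client pins the server certificate name; a new CN breaks it.
            pinned_old = pinned_old or same_ip(tok[1].strip("\"'"), old_ip)
    return {"remotes": remotes, "pinned_old_ip": pinned_old}

if __name__ == "__main__":
    for name, cfg in (("ip-client", IP_CLIENT), ("fqdn-client", FQDN_CLIENT)):
        print(name, review(cfg, OLD_WAN_IP, CARP_VIP))
```
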
            sai ravi

            Many thanks for your replies.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.