
    Client peer-to-peer tunnels between CARP'd pfsenses

      tm7677 last edited by

      Two pfsenses, CARP'd together just fine. One - the CARP Master - has a client Peer-to-peer OpenVPN tunnel back to a NOC Server pfSense. The other - CARP Backup - has an identical tunnel configured, but currently disabled. Just verified that the settings are identical, and the P2P Client tunnel in question is set up to use the WAN VIP IP/interface. However, since it is configured on the Master, and the current Backup pfsense's tunnel is disabled, that will kill the tunnel connection to the NOC, correct? (Obvious question, but still, feel I should ask…)

      The main point of this post is this: IF I enable the tunnel on the Backup pfsense, which is using the same WAN VIP as the Master's P2P tunnel, will that cause routing issues? Or should the two tunnels use unique WAN interfaces, and not the WAN VIP?

        viragomann last edited by

        Responses will never reach the backup, since they are directed to the WAN VIP which is used by the master.

        Enable XMLRPC sync of "OpenVPN configuration" in System > 'High Availability Sync'. This way all OpenVPN settings are synced to the backup automatically, and in case of a failover the backup will re-establish the tunnel.

          tm7677 last edited by

          Thanks for that! I double checked, and OpenVPN is not selected to sync.
