PfSense 2.4.2P1 - OpenVPN with CARP VIP

  • Greetings all,

    Having problems getting OpenVPN working with a CARP VIP on the WAN side.  Using the WAN IP works fine with OpenVPN, but I can't seem to find the magic to make it work on the CARP VIP.

    Some details (example IPs):
    pfSense1 - WAN IP -
    pfSense2 - WAN IP -

    CARP is working properly as I can switch between active/standby with no issues.

    Set up OpenVPN (using same settings as WAN IP OpenVPN config except the following)

    --> VPN-->OpenVPN-->Servers-->Add
    --> Interface: (WAN VIP)
    --> Protocol: UDP
    --> Port 1201

    Firewall-->Rules-->Add (WAN)
    Action: Pass
    Interface: WAN
    Protocol: UDP4
    Source: *
    Destination: Single Host or Alias:
    Destination Port: 1201

    However, my OpenVPN client (Viscosity on Mac) just stays stuck on Connecting.  The OpenVPN status window never shows a connection.

    For what it's worth, I even tried using the "localhost" method (OpenVPN listens on and set a NAT on the WAN VIP to port forward 1201 to

    I must be missing something simple but can't see it yet.

    Any pointers?

  • LAYER 8 Netgate

    The first thing I would do is packet capture on WAN for the WAN VIP, UDP, port 1201 and attempt a connection from the outside.

    See if the traffic is even arriving. Be sure the destination MAC address is the CARP MAC.

  • Thanks for the assist.  Turns out, I had to generate a new VPN profile for my client to get it working.  Editing the old VPN config (changing port numbers and IPs) did not work…
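The capture check suggested in the reply above (is the traffic arriving, and is it addressed to the CARP MAC), as an added example that is not part of the original thread. It assumes the CARP virtual MAC format `00:00:5e:00:01:<VHID in hex>`; the VHID (1), the VIP (203.0.113.10, a documentation address) and the capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: check `tcpdump -n -e` output for packets to VIP:PORT and
# confirm their destination MAC is the CARP virtual MAC for the given VHID.
# Live use (WAN_IF and VIP are placeholders for your own values):
#   tcpdump -n -e -i WAN_IF udp port 1201 and host VIP | check_dst_mac 1 VIP 1201

# carp_mac VHID -> prints the CARP virtual MAC for that VHID (1-255)
carp_mac() {
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# check_dst_mac VHID VIP PORT   (reads tcpdump -n -e text on stdin)
# Prints one "mismatch" line per wrongly addressed packet, then "ok=N bad=M".
# Returns 0 only if matching packets were seen and all used the CARP MAC.
check_dst_mac() {
    awk -v want="$(carp_mac "$1")" -v dst="$2.$3:" '
        # Line shape: TIME SRCMAC > DSTMAC, ethertype IPv4 (0x0800), length N: SRC.PORT > DST.PORT: UDP, ...
        $3 == ">" {
            mac = tolower($4); sub(/,$/, "", mac)
            hit = 0
            for (i = 5; i <= NF; i++) if ($i == dst) hit = 1
            if (!hit) next                      # not traffic to VIP:PORT
            if (mac == want) ok++
            else { bad++; print "mismatch: dst MAC " mac ", expected " want }
        }
        END { printf "ok=%d bad=%d\n", ok, bad; exit !(ok > 0 && bad == 0) }
    '
}

# Constructed sample capture: one packet to the CARP MAC, one to a physical
# NIC MAC (what a stale ARP entry upstream would produce), one unrelated packet.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 aa:bb:cc:00:00:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 84: 198.51.100.7.51000 > 203.0.113.10.1201: UDP, length 42
12:00:02.000002 aa:bb:cc:00:00:01 > 02:11:22:33:44:55, ethertype IPv4 (0x0800), length 84: 198.51.100.7.51000 > 203.0.113.10.1201: UDP, length 42
12:00:03.000003 aa:bb:cc:00:00:01 > 02:11:22:33:44:55, ethertype IPv4 (0x0800), length 60: 198.51.100.7.51001 > 203.0.113.11.443: UDP, length 18
EOF
}

sample_capture | check_dst_mac 1 203.0.113.10 1201 || echo "capture needs attention"
```

An output of `ok=0 bad=0` means nothing reached the VIP on that port at all, which points upstream of the firewall rather than at the OpenVPN server.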
