PfSense 2.4.2P1 - OpenVPN with CARP VIP



  • Greetings all,

    Having problems getting OpenVPN working with a CARP VIP on the WAN side.  Using the WAN IP works fine with OpenVPN, but I can't seem to find the magic to make it work on the CARP VIP.

    Some details (example IPs):
    ------------------------
    WAN CARP VIP: 99.99.99.1
    pfSense1 - WAN IP - 99.99.99.2
    pfSense2 - WAN IP - 99.99.99.3

    CARP is working properly as I can switch between active/standby with no issues.

    Setup OpenVPN (using same settings as WAN IP OpenVPN config except the following)

    --> VPN-->OpenVPN-->Servers-->Add
    --> Interface:  99.99.99.1 (WAN VIP)
    --> Protocol: UDP
    --> Port 1201

    Firewall-->Rules-->Add (WAN)
    Action: Pass
    Interface: WAN
    Protocol: UDP4
    Source: *
    Destination: Single Host or Alias:  99.99.99.1
    Destination Port: 1201

    However, my OpenVPN client (Viscosity on Mac) just stays stuck on Connecting.  The OpenVPN status window never shows a connection.

    For what it's worth, I even tried using the "localhost" method (OpenVPN listens on 127.0.0.1) and set a NAT on the WAN VIP to port forward 1201 to 127.0.0.1.

    I must be missing something simple but can't see it yet.

    Any pointers?


  • Netgate

    The first thing I would do is packet capture on WAN for the WAN VIP, UDP, port 1201 and attempt a connection from the outside.

    See if the traffic is even arriving. Be sure the destination MAC address is the CARP MAC.
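
The check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -e -n` output and counts packets to the VIP whose destination MAC is or is not the CARP virtual MAC (`00:00:5e:00:01:<VHID in hex>`). The VHID of 1, the interface name `em0`, and the sample capture lines are assumptions constructed for illustration; the thread does not state them.

```shell
#!/bin/sh
# Added example. A live capture on the firewall would look like this
# (interface name em0 is an assumption, not taken from the thread):
#   tcpdump -e -n -i em0 udp and dst host 99.99.99.1 and dst port 1201

# CARP virtual MAC is 00:00:5e:00:01:<VHID as two hex digits>.
carp_mac() {
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# Read `tcpdump -e -n` lines on stdin and print "ok=<n> wrong_mac=<n>"
# for packets addressed to VIP:PORT. Arguments: vhid vip port
check_capture() {
    awk -v mac="$(carp_mac "$1")" -v dst="$2.$3:" '
        {
            # Layout: time src_mac > dst_mac, ethertype ...: src.port > dst.port: ...
            found = 0
            for (i = 1; i <= NF; i++) if ($i == dst) found = 1
            if (!found) next                # not addressed to the VIP and port
            dmac = tolower($4)
            sub(/,$/, "", dmac)             # strip the trailing comma
            if (dmac == mac) ok++; else bad++
        }
        END { printf "ok=%d wrong_mac=%d\n", ok, bad }'
}

# Constructed sample capture (not real traffic). Line 1 hits the CARP MAC,
# line 2 reaches the VIP with a different MAC, line 3 targets a node IP.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 aa:bb:cc:00:00:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 84: 203.0.113.5.51234 > 99.99.99.1.1201: UDP, length 42
12:00:02.000001 aa:bb:cc:00:00:01 > 00:0c:29:11:22:33, ethertype IPv4 (0x0800), length 84: 203.0.113.5.51234 > 99.99.99.1.1201: UDP, length 42
12:00:03.000001 aa:bb:cc:00:00:01 > 00:0c:29:11:22:33, ethertype IPv4 (0x0800), length 84: 203.0.113.5.51234 > 99.99.99.2.1201: UDP, length 42
EOF
}

# Assumed VHID 1; substitute the VHID configured for the WAN VIP.
sample_capture | check_capture 1 99.99.99.1 1201
```

An `ok` count of zero with no `wrong_mac` packets means the traffic never arrived on WAN at all; a non-zero `wrong_mac` count means it arrived but was not addressed to the CARP MAC.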



  • Thanks for the assist.  Turns out, I had to generate a new VPN profile for my client to get it working.  Editing the old VPN config (changing port numbers and IPs) did not work…