PfSense 2.4.2P1 - OpenVPN with CARP VIP
-
Greetings all,
Having problems getting OpenVPN working with a CARP VIP on the WAN side. Using the WAN IP works fine with OpenVPN, but I can't seem to find the magic to make it work on the CARP VIP.
Some details (example IPs):
------------------------
WAN CARP VIP: 99.99.99.1
pfSense1 - WAN IP - 99.99.99.2
pfSense2 - WAN IP - 99.99.99.3
CARP is working properly as I can switch between active/standby with no issues.
Setup OpenVPN (using same settings as WAN IP OpenVPN config except the following)
--> VPN-->OpenVPN-->Servers-->Add
--> Interface: 99.99.99.1 (WAN VIP)
--> Protocol: UDP
--> Port 1201
Firewall-->Rules-->Add (WAN)
Action: Pass
Interface: WAN
Protocol: UDP4
Source: *
Destination: Single Host or Alias: 99.99.99.1
Destination Port: 1201
However, my OpenVPN client (Viscosity on Mac) just stays stuck on Connecting. The OpenVPN status window never shows a connection.
For what it's worth, I even tried using the "localhost" method (OpenVPN listens on 127.0.0.1) and set a NAT on the WAN VIP to port forward 1201 to 127.0.0.1.
I must be missing something simple but can't see it yet.
Any pointers?
-
The first thing I would do is packet capture on WAN for the WAN VIP, UDP, port 1201 and attempt a connection from the outside.
See if the traffic is even arriving. Be sure the destination MAC address is the CARP MAC.
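The check suggested above, as an added example that is not part of the original reply: a Python script that reads `tcpdump -e -n` text output captured on WAN and reports whether UDP packets for the VIP arrived and whether they were addressed to the CARP virtual MAC (00:00:5e:00:01:<VHID>). The VHID of 1, the client address, the sample capture lines and the function names are assumptions made for illustration.

```python
import re

# CARP answers ARP for the VIP with the virtual MAC 00:00:5e:00:01:<VHID hex>.
CARP_PREFIX = "00:00:5e:00:01:"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Matches one line of `tcpdump -e -n` text output for an IPv4 UDP packet.
LINE_RE = re.compile(
    rf"(?P<src_mac>{MAC}) > (?P<dst_mac>{MAC}), ethertype IPv4.*?: "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP",
    re.IGNORECASE,
)

def check_capture(text, vip, port, vhid):
    """Return (hits, wrong_mac) for UDP packets addressed to vip:port."""
    expected = f"{CARP_PREFIX}{vhid:02x}"
    hits, wrong_mac = [], []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != vip or int(m["dport"]) != port:
            continue  # not a packet for the OpenVPN listener on the VIP
        hits.append(line)
        if m["dst_mac"].lower() != expected:
            wrong_mac.append(m["dst_mac"].lower())
    return hits, wrong_mac

def diagnose(text, vip, port, vhid):
    """Summarise the capture as one of three outcomes."""
    hits, wrong_mac = check_capture(text, vip, port, vhid)
    if not hits:
        return "no traffic for the VIP arrived on WAN"
    if wrong_mac:
        return "traffic arrived, but not on the CARP MAC: " + ", ".join(sorted(set(wrong_mac)))
    return "traffic arrived on the CARP MAC"

# Constructed sample (not from the thread); VHID 1 and the client address are assumptions.
SAMPLE = """\
12:00:01.000001 aa:bb:cc:00:00:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 84: 203.0.113.5.51234 > 99.99.99.1.1201: UDP, length 42
12:00:02.000001 aa:bb:cc:00:00:01 > 0c:c4:7a:00:00:02, ethertype IPv4 (0x0800), length 84: 203.0.113.5.51234 > 99.99.99.1.1201: UDP, length 42
12:00:03.000001 aa:bb:cc:00:00:01 > 0c:c4:7a:00:00:02, ethertype IPv4 (0x0800), length 84: 203.0.113.5.40000 > 99.99.99.2.1194: UDP, length 42
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, "99.99.99.1", 1201, vhid=1))
```

An empty result means the packets never reached WAN at all, which points away from the firewall rule and toward the client side or something upstream.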
-
Thanks for the assist. Turns out, I had to generate a new VPN profile for my client to get it working. Editing the old VPN config (changing port numbers and IPs) did not work…