OpenVPN and CARP address. Problem to reconnect.



  • I have 2 VMs set up as pfSense HA. The VPN is working fine on the VIP, but when my master is down I have no automatic reconnection to the server. What do I need to set up to make it work properly?


  • Netgate

    Is the HA side an OpenVPN Client or OpenVPN Server?



  • Sorry, forgot to specify. Server.


  • Netgate

    You need to be sure the server is bound to the CARP VIP and the clients are told to connect to the CARP VIP.

    Alternately you can bind the server to localhost and port forward connections into WAN to the localhost server. I like this second method because the servers are both always running and whichever node holds the CARP VIP gets the traffic. There is less that has to happen during failure (stopping the server on the backup node and starting it on the now-active node.)



  • When the master goes down I can stop the OpenVPN client and start it again. Then I connect to the new master. The problem is switching between nodes when the master is down and the backup is becoming the master.



  • Clients are connecting to the VIP, of course.


  • Netgate

    That is automatic if the OpenVPN server is bound to the CARP VIP. If it is not doing that you have something wrong. What that something is could be anything based on the information given.

    What would probably be telling are the OpenVPN logs from both nodes during a failover and failback. Maybe the system logs.