    OpenVPN and CARP address. Problem to reconnect.

      alexniko

      I have 2 VMs set up as pfSense HA. The VPN is working fine on the VIP, but when my master is down I have no automatic reconnection to the server. What do I need to set up to make it work properly?

        Derelict LAYER 8 Netgate

        Is the HA side an OpenVPN Client or OpenVPN Server?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          alexniko

          Sorry, forgot to specify. Server.

            Derelict LAYER 8 Netgate

            You need to be sure the server is bound to the CARP VIP and the clients are told to connect to the CARP VIP.

            Alternately you can bind the server to localhost and port forward connections into WAN to the localhost server. I like this second method because the servers are both always running and whichever node holds the CARP VIP gets the traffic. There is less that has to happen during failure (stopping the server on the backup node and starting it on the now-active node.)

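One way to run the check from the answer above against exported configs, as an added example that is not part of the thread or pfSense's own code: it reads the `local` directive of an OpenVPN server config and the `remote` directives of a client config and compares them with the CARP VIP. The addresses, device name and sample configs are constructed placeholders.

```python
import ipaddress

# Constructed sample data: 203.0.113.10 stands in for the CARP VIP and
# 203.0.113.2 for one node's own WAN address (documentation range).
CARP_VIP = "203.0.113.10"
SERVER_ON_VIP = "dev ovpns1\nproto udp4\nlocal 203.0.113.10\nlport 1194\n"
SERVER_ON_NODE_IP = "dev ovpns1\nproto udp4\nlocal 203.0.113.2\nlport 1194\n"
SERVER_ON_LOCALHOST = "dev ovpns1\nproto udp4\nlocal 127.0.0.1\nlport 1194\n"
CLIENT_TO_VIP = "client\ndev tun\nremote 203.0.113.10 1194 udp\n"
CLIENT_TO_NODE = "client\ndev tun\n# old entry\nremote 203.0.113.2 1194 udp\n"


def directives(config_text, name):
    """Return the argument list of every `name` directive in the config.
    Comment lines never match because their first token starts with # or ;."""
    found = []
    for line in config_text.splitlines():
        parts = line.split()
        if parts and parts[0] == name:
            found.append(parts[1:])
    return found


def check_server(config_text, vip):
    """Classify the server bind address against the two setups in the thread."""
    local = directives(config_text, "local")
    if not local or not local[0]:
        return "no-local"            # no explicit bind address in the config
    try:
        addr = ipaddress.ip_address(local[0][0])
    except ValueError:
        return "bound-elsewhere"     # hostname; this check does not resolve it
    if addr == ipaddress.ip_address(vip):
        return "bound-to-vip"        # method 1: server bound to the CARP VIP
    if addr.is_loopback:
        return "localhost"           # method 2: relies on a WAN port forward
    return "bound-elsewhere"         # e.g. a node's own address, not the VIP


def check_client(config_text, vip):
    """True only if the config has remotes and all of them name the VIP.
    Assumption: remotes are literal addresses; hostnames are not resolved."""
    remotes = directives(config_text, "remote")
    return bool(remotes) and all(r and r[0] == vip for r in remotes)


if __name__ == "__main__":
    for label, cfg in [("vip", SERVER_ON_VIP), ("node", SERVER_ON_NODE_IP),
                       ("localhost", SERVER_ON_LOCALHOST)]:
        print(label, "->", check_server(cfg, CARP_VIP))
    print("client ok:", check_client(CLIENT_TO_VIP, CARP_VIP))
```

Run it on the server config from both HA nodes; a `localhost` result is only correct if the WAN port forward to the localhost server from the second method is also in place.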
              alexniko

              When the master is going down I can stop the OpenVPN client and start it again. Then I am connecting to the new master. The problem is switching between nodes when the master is down and the backup is starting to be a master.

                alexniko

                Clients are connecting to the VIP, of course.

                  Derelict LAYER 8 Netgate

                  That is automatic if the OpenVPN server is bound to the CARP VIP. If it is not doing that you have something wrong. What that something is could be anything based on the information given.

                  What would probably be telling are the OpenVPN logs from both nodes during a failover and failback. Maybe the system logs.
