HA OpenVPN - Can't reach secondary node
-
Hi all,
I'm having issues reaching my slave/secondary node on VPN clients. I found the article titled Troubleshooting VPN Connectivity to a High Availability Secondary Node and proceeded to add the entry as a Manual Outbound NAT:

Interface: LAN
Source: 10.4.10.0/24 (VPN subnet)
Destination: OpenVPNCARP
Destination Port: *
NAT Address: LAN address
NAT Port: *

OpenVPNCARP (alias): 10.0.100.2 (primary), 10.0.100.3 (secondary)
LAN Network: 10.0.100.0/24

I can easily access the WebUI on the primary but cannot even ping the secondary, let alone access its WebUI. Is there something I'm missing? Thanks!
-
The destination should be the address you are trying to reach. This solution works.
-
The address is the destination I'm trying to reach, but somehow any VPN clients on the VPN subnet cannot reach the secondary at 10.0.100.3. My OpenVPN interface has an allow all rule as well, which should allow me to reach it, yet I never can on any device.
-
Yeah. Because the only firewall that has a route back to the VPN clients is the primary that is hosting the VPN server.
https://docs.netgate.com/pfsense/en/latest/highavailability/troubleshooting-vpn-connectivity-to-a-high-availability-secondary-node.html
That solution works.
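
Added example, not posted by anyone in the thread and not pfSense code: a small model of the return-path problem described above, showing which source address the secondary sees and where it sends its reply with and without the outbound NAT rule. The addresses come from the thread; the secondary's routing table (connected LAN plus a default route), the client address 10.4.10.6, and the function names are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the thread.
VPN_SUBNET = ipaddress.ip_network("10.4.10.0/24")
LAN_NET = ipaddress.ip_network("10.0.100.0/24")
PRIMARY_LAN = ipaddress.ip_address("10.0.100.2")
SECONDARY_LAN = ipaddress.ip_address("10.0.100.3")

# Assumed routing table of the secondary: it has no route for the VPN subnet.
SECONDARY_ROUTES = [
    (LAN_NET, "LAN (on-link)"),
    (ipaddress.ip_network("0.0.0.0/0"), "default gateway (assumed)"),
]

# The manual outbound NAT rule on the primary, as posted in the thread.
NAT_RULE = {
    "source": VPN_SUBNET,
    "destinations": {PRIMARY_LAN, SECONDARY_LAN},  # OpenVPNCARP alias
    "nat_address": PRIMARY_LAN,                    # "LAN address" on the primary
}

def apply_outbound_nat(src, dst, rule=None):
    """Source address the packet carries when it leaves the primary's LAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if rule and src in rule["source"] and dst in rule["destinations"]:
        return rule["nat_address"]
    return src

def reply_path(routes, reply_dst):
    """Longest-prefix match: where the secondary sends its reply."""
    matches = [(net, via) for net, via in routes if reply_dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(client, target, rule=None):
    """Return (source seen by the secondary, path its reply takes)."""
    seen_src = apply_outbound_nat(client, target, rule)
    return seen_src, reply_path(SECONDARY_ROUTES, seen_src)

if __name__ == "__main__":
    for label, rule in (("no NAT rule", None), ("with NAT rule", NAT_RULE)):
        src, via = trace("10.4.10.6", "10.0.100.3", rule)
        print(f"{label}: secondary sees source {src}, replies via {via}")
```

If the rule is in place and the secondary is still unreachable, a packet capture on the secondary's LAN interface shows whether requests arrive with the primary's LAN address or with the untranslated VPN client address.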