OpenVPN answering with real instead of CARP IP



  • Hi,

    I'm running a CARP setup with two dedicated X86 systems and pfSense 2.4.4p3.
    At first I set up OpenVPN (tun) with the real IP of the master device. After setting up CARP I changed:

    • the interface to the CARP IP in OpenVPN server configuration
    • the firewall rule to allow incoming traffic to CARP instead of real IP port 1194 UDP

    When I connect to the CARP IP with OpenVPN I'm receiving packets at the pfSense Firewall and I also see that packets are being sent back to the client. They don't arrive at the client though. I found out that the firewall that sits in front of the client rejects those packets because they are being sent from the real IP instead of the CARP IP.

    Does anyone have an idea why that is?



  • OMG I'm sorry but maybe it'll help someone else in the future.
    The problem was that the configuration of the VPN Service was set to

    • UDP4 IPv4 and IPv6 on all interfaces (multihome)

    instead of

    • UDP on IPv4 only

    Ever since I changed to that setting the tunnel works fine, and this line was added to the config:
    local 1.2.3.4
    which is my CARP IP 😋


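Added example, not part of the original posts: a small Python check that an OpenVPN server config carries a `local` line equal to the CARP VIP, which is the difference the second post describes. The function name `audit_bind` and both sample configs are constructed for illustration; only `local 1.2.3.4` comes from the thread.

```python
import ipaddress

# Constructed sample configs (not taken from the poster's system).
BEFORE = """\
dev tun
proto udp
multihome
port 1194
"""
AFTER = """\
dev tun
proto udp4
local 1.2.3.4
port 1194
"""

def audit_bind(config_text, carp_vip):
    """Report whether an OpenVPN server config pins the listener to carp_vip."""
    vip = ipaddress.ip_address(carp_vip)
    local, multihome, findings = None, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        tokens = line.split()
        if tokens[0] == "local" and len(tokens) > 1:
            local = tokens[1]
        elif tokens[0] == "multihome":
            multihome = True
    if local is None:
        note = " (multihome is set)" if multihome else ""
        findings.append("no 'local' directive: socket is not bound to the CARP VIP" + note)
    else:
        try:
            if ipaddress.ip_address(local) != vip:
                findings.append(f"'local {local}' is not the CARP VIP {vip}")
        except ValueError:                    # 'local' may also be a hostname
            findings.append(f"'local {local}' is a hostname; cannot compare to {vip}")
    return {"local": local, "multihome": multihome,
            "bound_to_vip": not findings, "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_bind(cfg, "1.2.3.4"))
```

Running the same check on the backup node's config after a sync confirms both CARP members bind to the shared address rather than to their own interface IPs.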