Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN answering with real instead of CARP IP

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 261 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • junicastJ
      junicast
      last edited by

      Hi,

      I'm running a CARP setup with two dedicated X86 systems and pfSense 2.4.4p3.
      At first I setup OpenVPN (tun) with the real IP of the master device. After setting up CARP I changed:

      • the interface to the CARP IP in OpenVPN server configuration
      • the firewall rule to allow incoming traffic to CARP instead of real IP port 1194 UDP

      When I connect to the CARP IP with OpenVPN I'm receiving packets at the pfSense Firewall and I also see that packets are being sent back to the client. The don't arrive at the client though. I found out that the firewall that sits in front of the client rejects those packets because they are being sent from the real IP instead of the CARP IP.

      Does anyone have an idea why that is?

      1 Reply Last reply Reply Quote 0
      • junicastJ
        junicast
        last edited by

        OMG I'm sorry but maybe it'll help someone else in the future.
        The problem was that the configuration of the VPN Service was set to

        • UDP4 IPv4 and IPv6 an all interfaces (multihome)

        instead of

        • UDP on IPv4 only

        Eversince I changed to that setting the tunnel works fine and in the config there was added
        local 1.2.3.4
        which is my CARP IP 😋

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.