4. OpenVPN answering with real instead of CARP IP

OpenVPN answering with real instead of CARP IP


  • Hi,

    I'm running a CARP setup with two dedicated X86 systems and pfSense 2.4.4p3.
    At first I setup OpenVPN (tun) with the real IP of the master device. After setting up CARP I changed:

    • the interface to the CARP IP in OpenVPN server configuration
    • the firewall rule to allow incoming traffic to CARP instead of real IP port 1194 UDP

    When I connect to the CARP IP with OpenVPN I'm receiving packets at the pfSense Firewall and I also see that packets are being sent back to the client. The don't arrive at the client though. I found out that the firewall that sits in front of the client rejects those packets because they are being sent from the real IP instead of the CARP IP.

    Does anyone have an idea why that is?

    0

  • OMG I'm sorry but maybe it'll help someone else in the future.
    The problem was that the configuration of the VPN Service was set to

    • UDP4 IPv4 and IPv6 an all interfaces (multihome)

    instead of

    • UDP on IPv4 only

    Eversince I changed to that setting the tunnel works fine and in the config there was added
    local 1.2.3.4
    which is my CARP IP 😋

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy