<![CDATA[OpenVPN with HA/CARP not connecting on VIP]]>Hello. I have successfully got HA with CARP working. I tested by pulling the plug on the main firewall and sure enough the connection to the Internet on a client computer was maintained through the second firewall. When I enter "what is my IP address" into Google I get the VIP external address.

I have also been able to get Open VPN to work when using the non VIP address for the server's interface. However as soon as I switch the interface to the VIP one, the OpenVPN client hangs right
after the UDPv4 link remote: [AF-INET] {external CARP VIP address}.

I'm trying to follow what's mentioned here:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-vpn-secondary.html

To create the HA/CARP setup I followed this tutorial:

https://www.youtube.com/watch?v=-1Og5ogkyZY

Any ideas as to what might be wrong? I'm new to pfSense.

Cheers,
Kajetan.

]]>https://forum.netgate.com/topic/182996/openvpn-with-ha-carp-not-connecting-on-vipRSS for NodeSat, 13 Jun 2026 16:10:15 GMTFri, 22 Sep 2023 17:31:54 GMT60<![CDATA[Reply to OpenVPN with HA/CARP not connecting on VIP on Tue, 26 Sep 2023 14:17:13 GMT]]>@viragomann Thank you, that did the trick. In the rule I changed:

Destination
Destination: WAN address

to

Destination
Destination: Single host or alias 99.XXX.XXX.XXX

]]>https://forum.netgate.com/post/1127297https://forum.netgate.com/post/1127297Tue, 26 Sep 2023 14:17:13 GMT<![CDATA[Reply to OpenVPN with HA/CARP not connecting on VIP on Sun, 24 Sep 2023 14:41:34 GMT]]>@Kajetan321 said in OpenVPN with HA/CARP not connecting on VIP:

s the rule created by the OpenVPN wizard not enough?

No, "WAN address" doesn't seem to be the VIP. So you will have to edit the rule and change the destination to the desired VIP.

]]>https://forum.netgate.com/post/1127007https://forum.netgate.com/post/1127007Sun, 24 Sep 2023 14:41:34 GMT<![CDATA[Reply to OpenVPN with HA/CARP not connecting on VIP on Fri, 22 Sep 2023 20:36:02 GMT]]>When looking at System Logs > Firewall it seems OpenVPN packets are being blocked. I don't know how to change that. Is the rule created by the OpenVPN wizard not enough?

d55be343-b84e-425a-a219-ba459f3281c2-image.png

2d8810e3-9463-45b4-8fa3-8d968824ae30-image.png

]]>https://forum.netgate.com/post/1126891https://forum.netgate.com/post/1126891Fri, 22 Sep 2023 20:36:02 GMT<![CDATA[Reply to OpenVPN with HA/CARP not connecting on VIP on Fri, 22 Sep 2023 17:56:49 GMT]]>I tried following this guide:

https://vorkbaard.nl/openvpn-in-a-pfsense-carp-cluster/

and entered the "local {External CARP VIP}" into the custom options field. As far as I can tell, nothing changed.

]]>https://forum.netgate.com/post/1126877https://forum.netgate.com/post/1126877Fri, 22 Sep 2023 17:56:49 GMT