OpenVPN with HA/CARP not connecting on VIP
-
Hello. I have successfully got HA with CARP working. I tested by pulling the plug on the main firewall and sure enough the connection to the Internet on a client computer was maintained through the second firewall. When I enter "what is my IP address" into Google I get the VIP external address.
I have also been able to get OpenVPN to work when using the non-VIP address for the server's interface. However, as soon as I switch the interface to the VIP one, the OpenVPN client hangs right after the UDPv4 link remote: [AF-INET] {external CARP VIP address}.
I'm trying to follow what's mentioned here:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-vpn-secondary.html
To create the HA/CARP setup I followed this tutorial:
https://www.youtube.com/watch?v=-1Og5ogkyZY
Any ideas as to what might be wrong? I'm new to pfSense.
Cheers,
Kajetan.
-
I tried following this guide:
https://vorkbaard.nl/openvpn-in-a-pfsense-carp-cluster/
and entered the "local {External CARP VIP}" into the custom options field. As far as I can tell, nothing changed.
-
When looking at System Logs > Firewall it seems OpenVPN packets are being blocked. I don't know how to change that. Is the rule created by the OpenVPN wizard not enough?
-
@Kajetan321 said in OpenVPN with HA/CARP not connecting on VIP:
Is the rule created by the OpenVPN wizard not enough?
No, "WAN address" doesn't seem to be the VIP. So you will have to edit the rule and change the destination to the desired VIP.
-
@viragomann Thank you, that did the trick. In the rule I changed:
Destination
Destination: WAN address
to
Destination
Destination: Single host or alias 99.XXX.XXX.XXX