LAN communication via CARP IP
Hi,
I have set up two pfSense boxes with HA and they will run OpenVPN. I want, in case of failure of one pfSense, the other node to take the role and keep my VPN clients connected.
I have set up OpenVPN to use Microsoft AD for RADIUS authentication. How can I make pfSense use the CARP LAN IP for communicating with AD and the internal firewall for implementing access rules over there?
Is pfSense using the outgoing interface IP of the master node for internal LAN communication for traffic originating from the pfSense box, say for RADIUS authentication, or for routing traffic to internal subnets that are behind another firewall?
Or is it by default using the CARP VIP for LAN communication?
@Snailkhan
By default the primary interface IP is used for communication with other devices. If you want pfSense to use the CARP VIP you have to add an outbound NAT rule to LAN or the respective interface and set the CARP VIP as translation address.
However, don't do this for all traffic! It would lead to issues with services running on both nodes, e.g. DHCP.
So limit the destination (IP and port) to the domain controller or whatever you need it for.
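The two rule shapes the reply above contrasts, written out in pf syntax as an added example (not posted by anyone in this thread; pfSense writes rules of this form to /tmp/rules.debug from what you enter under Firewall > NAT > Outbound). The interface name, addresses and RADIUS ports are assumptions for illustration:

```conf
# Added example, not from the original thread. Assumed values:
#   lan0          = LAN interface of the node
#   192.168.1.1   = CARP VIP shared by both nodes
#   192.168.1.10  = domain controller acting as RADIUS server
#   1812/1813     = RADIUS authentication / accounting (UDP)
# "(self)" is pf's dynamic keyword for the firewall's own addresses, which is
# what the GUI source option "This Firewall (self)" expands to.

# Too broad: every packet the firewall itself sends out the LAN interface is
# rewritten to the VIP, including replies from services that run on both
# nodes (e.g. the DHCP server). Do not use this form.
nat on lan0 inet from (self) to any -> 192.168.1.1

# Scoped: only the node's own RADIUS traffic to the domain controller is
# sourced from the CARP VIP, so the DC sees one address whichever node
# is currently master.
nat on lan0 inet proto udp from (self) to 192.168.1.10 port { 1812 1813 } -> 192.168.1.1
```

In the GUI this is one rule in Hybrid (or Manual) outbound NAT mode: interface LAN, protocol UDP, source "This Firewall (self)", destination 192.168.1.10 with the RADIUS port(s), translation address the CARP VIP. After saving, `pfctl -sn | grep 192.168.1.10` on the node shows the generated rule; the domain controller's RADIUS client configuration then only needs the VIP as the client address, since the VIP follows the master node on failover.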