Openvpn client export not using "local" custom config for CARP



  • Hi,

    Using the 3 October 2010 pfsense snapshot, it's working fine.  I have openvpn running with the new wizard and radius, and I've installed the openvpn client export utility.  OpenVPN is listening on a dedicated CARP IP, so I can have some sort of failover.  The client export package is installed.  I want the Windows installer because my users are, well, average users.

    The configuration file exported from the master server includes the master server IP as the "remote" option rather than the CARP IP.  The installer config doesn't work, because openvpn isn't listening on that address.  Is this a known issue?  Is it worth filing a bug report on?

    In the meantime, is there a way to edit or replace the config file in the install.exe program, so I can distribute a config to my users?

    (Yes, yes, I know, 2.0 not ready for production… there's not many users, and they know this is a beta test environment to demo what we'll be rolling out once 2.0 goes live.)

    On the plus side, pfSense 2 is easier than setting up yet another vanilla PF box.  If I must distribute the config file by hand, or as a batch file, or some such thing, it'll still suck less than doing it by hand...

    Thanks,
    ==ml


  • Rebel Alliance Developer Netgate

    That's definitely worth a bug report. It should be using the CARP VIP if you have that selected in the GUI.

    I've been maintaining that package lately, I'll take a look and try to get a fix in.



  • @jimp:

    That's definitely worth a bug report. It should be using the CARP VIP if you have that selected in the GUI.

    I'll file a bug report then.

    Note that there's no way to select the CARP VIP in the "OpenVPN: Server" page.  I had to use the "Advanced" configuration and manually enter "local XXX.XXX.XXX.XXX".  A drop-down to select the listening IP would be nice.


  • Rebel Alliance Developer Netgate

    I haven't tried in a while but I thought the CARP VIPs should be in interface drop-down.


  • Rebel Alliance Developer Netgate

    Mine works fine doing this. In my OpenVPN server instance, the CARP VIP is a choice as an Interface. If I pick it there and save, the exported config does include the proper CARP VIP in the remote entry.



  • For anyone who finds this thread later:

    It turned out to be browser behavior.  Try a different Web browser if you have this problem.


Log in to reply