Openvpn with 2 firewalls in the main office and two in the remote office
I have OpenVPN up and running in our two offices. However, in the remote office fw1 is currently connected to a CARP VIP of the main office. This works fine. When fw1 of the main office dies, fw2 of the main office takes over the CARP IP and thus the connection stays up.
However, what I also want to do is to have fail-over in our remote office. Is there a way to bring the tunnel up on our fw2 in the remote office, so that if fw1 dies, fw2 initiates a connection to our main office?
I have been reading a lot of posts on the forum but can't find any good help for this…
So thanks in advance!
I've never tried this with CARP involved, but perhaps you can make it work with some experimenting ;)
What I would try is to have both tunnels up simultaneously and have OSPF do the routing. You can get failover by giving tunnel1 a lower metric than tunnel2.
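As an added illustration of the "both tunnels up, let OSPF pick" idea (this is example configuration written for this thread, not something from the posters or from any particular firewall product): three FRR/Quagga-style `frr.conf` fragments, one per box. All hostnames, interface names (`ovpnc1`, `ovpns1`, `ovpns2`, `lan0`) and addresses (10.8.1.0/30, 10.8.2.0/30, 10.10.0.0/24) are assumed; substitute your own. The only thing that differs between the two remote firewalls is the OSPF cost on the tunnel interface, which is what makes tunnel1 the preferred path.

```conf
! ---- remote-fw1 (assumed hostname): preferred tunnel, low cost ----
interface ovpnc1
 ip ospf network point-to-point
 ip ospf cost 10
 ip ospf hello-interval 3
 ip ospf dead-interval 12
!
router ospf
 ospf router-id 10.10.0.2
 passive-interface default
 no passive-interface ovpnc1
 no passive-interface lan0
 network 10.8.1.0/30 area 0
 network 10.10.0.0/24 area 0
!
! ---- remote-fw2 (assumed hostname): backup tunnel, high cost ----
interface ovpnc1
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf hello-interval 3
 ip ospf dead-interval 12
!
router ospf
 ospf router-id 10.10.0.3
 passive-interface default
 no passive-interface ovpnc1
 no passive-interface lan0
 network 10.8.2.0/30 area 0
 network 10.10.0.0/24 area 0
!
! ---- main-office OpenVPN server side (assumed): one server instance per tunnel ----
interface ovpns1
 ip ospf network point-to-point
 ip ospf hello-interval 3
 ip ospf dead-interval 12
!
interface ovpns2
 ip ospf network point-to-point
 ip ospf hello-interval 3
 ip ospf dead-interval 12
!
router ospf
 ospf router-id 10.0.0.1
 passive-interface default
 no passive-interface ovpns1
 no passive-interface ovpns2
 network 10.8.1.0/30 area 0
 network 10.8.2.0/30 area 0
!
```

Both remote firewalls also speak OSPF on the shared LAN (`lan0`), so whichever of them is CARP master for the LAN gateway can still forward traffic over the other box's tunnel if its own is down. The short hello/dead intervals are what bound the failover time: the main office stops routing via tunnel1 once it misses four hellos (12 s), independent of how long the OpenVPN process takes to notice. Keep `passive-interface default` so OSPF is not accidentally exposed on WAN interfaces.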
If the OpenVPN tunnel terminates to the CARP VIP of fw1/fw2, you don't need to do any kind of fancy failover.
Furthermore, if the setup is the same on both connections (same CA/Cert/settings) you can just add another "remote x.x.x.x;" line in the custom options of the client and it will try that other IP if the first one is down.
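To make the "just add another remote line" approach concrete, here is an added example client configuration (written for this thread, not taken from any poster's firewall). The two `remote` entries point at the main office's CARP VIP and, as a second choice, a direct WAN address of one main-office firewall; both 203.0.113.x addresses are constructed placeholders, and the certificate file names are assumed. In a pfSense/OPNsense "custom options" box you would only add the extra `remote ... ;` line, since the GUI generates the rest.

```conf
client
dev tun
proto udp

# Tried in order; the CARP VIP first, a direct WAN address as fallback.
# Omitting "remote-random" keeps this order deterministic.
remote 203.0.113.10 1194 udp
remote 203.0.113.20 1194 udp

# How long to wait for a server reply before moving to the next remote
# (OpenVPN 2.4+: --server-poll-timeout).
server-poll-timeout 10
# Retry delay after a failed connect, with exponential back-off up to 60 s.
connect-retry 5 60
# Keep trying forever rather than giving up after N failures.
connect-retry-max unlimited
resolv-retry infinite

# Dead-peer detection: ping every 10 s, restart the tunnel after 60 s silence,
# which is what triggers the walk through the remote list again.
keepalive 10 60
persist-key
persist-tun

# Same CA/cert/key on both remote-office firewalls, as the reply above assumes.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/remote-office.crt
key  /etc/openvpn/remote-office.key
tls-auth /etc/openvpn/ta.key 1
# Only accept a peer whose certificate is marked as a server certificate,
# so a fallback address cannot silently be answered by the wrong endpoint.
remote-cert-tls server

verb 3
```

The important check when running this on two remote-office firewalls at once is that the server side permits it: with a shared certificate the main-office server needs `duplicate-cn`, otherwise the second client's connection will kick the first one off, which looks exactly like a flapping tunnel.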