Access CARP backup behind IPSec



  • What is the proper method of accessing the webgui of a backup system that's behind an IPSec tunnel? I did search, and I came across this thread. It appears that's talking about version 1.2.3, though.

    Is there an easy way to gain access to the secondary system? I can ssh from the primary, but it would be nice to have access to the webgui. I understand that the problem is that the backup box doesn't have a route across the VPN. But how would I add one, that wouldn't break everything? From what I can tell, the routes are sycned between the systems, so if I add one wouldn't it get removed the next time the primary box syncs?

    What happens when the backup becomes the master? Would that route pointing all traffic to the now inaccessible box break the vpn?

    I tried setting up an SSH proxy, but failed miserably. Probably because I don't entirely understand how to do it (never done it before.)

    Any guidance would be greatly appreciated!



  • You know what, I'm an idiot. We can just use the public IP to access it.



  • If you don't want to open an extra port on the outside, you can do an SSH tunnel like so in PuTTY:

    Under Connection:SSH:Tunnels:
    Souce port: 6666
    Destination: secondary_ip:443
    x Remote
    x IPv4

    Click add
    open ssh
    log in

    and then in your browser, go to https://localhost:5000


Locked