Netgate Discussion Forum

    Access CARP backup behind IPSec

    HA/CARP/VIPs
      nullifi

      What is the proper method of accessing the webgui of a backup system that's behind an IPSec tunnel? I did search, and I came across this thread. It appears that's talking about version 1.2.3, though.

      Is there an easy way to gain access to the secondary system? I can ssh from the primary, but it would be nice to have access to the webgui. I understand that the problem is that the backup box doesn't have a route across the VPN. But how would I add one that wouldn't break everything? From what I can tell, the routes are synced between the systems, so if I add one, wouldn't it get removed the next time the primary box syncs?

      What happens when the backup becomes the master? Would that route pointing all traffic to the now inaccessible box break the vpn?

      I tried setting up an SSH proxy, but failed miserably. Probably because I don't entirely understand how to do it (never done it before.)

      Any guidance would be greatly appreciated!

        nullifi

        You know what, I'm an idiot. We can just use the public IP to access it.

          SeventhSon

          If you don't want to open an extra port on the outside, you can do an SSH tunnel like so in PuTTY:

          Under Connection:SSH:Tunnels:
          Source port: 6666
          Destination: secondary_ip:443
          x Remote
          x IPv4

          Click add
          open ssh
          log in

          and then in your browser, go to https://localhost:5000

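The tunnel approach from the last reply, expressed with the OpenSSH client as an added example that is not part of the original thread: a local (`-L`) forward bound to loopback, with the browser URL using the same local port that is forwarded. The host name, the 192.0.2.3 address, local port 8443 and the helper function names are constructed placeholders; it assumes SSH to the primary is reachable and the primary can reach the secondary's web GUI on 443.

```shell
#!/bin/sh
# Added example: build an OpenSSH local port forward to a CARP secondary's
# web GUI through the primary. Hosts, address and ports are constructed.

# valid_port N: succeed only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT SECONDARY_IP GUI_PORT USER@PRIMARY
# Prints the ssh command line; it does not run ssh.
tunnel_cmd() {
    lport=$1; target=$2; tport=$3; jump=$4
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$tport" || { echo "bad target port: $tport" >&2; return 1; }
    [ -n "$target" ] && [ -n "$jump" ] || { echo "missing host" >&2; return 1; }
    # -N: forward only, no remote shell
    # ExitOnForwardFailure=yes: exit instead of running without the tunnel
    # 127.0.0.1 bind: only this workstation can use the forwarded port
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$target" "$tport" "$jump"
}

# browser_url LOCAL_PORT: the URL must use the forwarded local port
browser_url() {
    valid_port "$1" || return 1
    printf 'https://localhost:%s/\n' "$1"
}

# Demo with constructed values: print the command and the matching URL
tunnel_cmd 8443 192.0.2.3 443 admin@primary.example.net
browser_url 8443
```

Local port 8443 is used here because Chrome and Firefox refuse connections to ports 6665-6669. The GUI certificate will not match `localhost`, so expect a name-mismatch warning in the browser.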
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.