    Netgate Discussion Forum

    CARP and OpenVPN not stable

    • edigga333

      I have 2 bare metal pfSense boxes configured with CARP and pfsync along with a pfSense VM that connects a remote office back to us via a P2P shared key OpenVPN tunnel.

      Everything works fine until I need to save something on the primary firewall. (Such as something as simple as saving my email address for notifications etc.)

      Then my remote office pfSense decides to connect to the secondary and will not fail back to the primary pfSense unless I take down or reboot the secondary pfSense box. (After a reboot of the secondary pfSense everything is once again up and stable?)

      When this happens the secondary pfSense thinks his WAN VIP is now Primary and the remote office starts getting these OpenVPN errors in the logs:

      openvpn[20819]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #378 / time = (1364333243) Tue Mar 26 14:27:23 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

      pfSense v2.0.2

      Any ideas?

      Please help!

      Thanks!

      • jimp (Rebel Alliance, Developer, Netgate)

        Make sure you have the CARP VIP selected as the 'interface' for the VPN and not the actual interface (e.g. 'WAN').

        When set that way, pfSense 2.0.2 and later will disable the VPN on the backup node until it becomes a CARP master.
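
An added illustration, not part of either post and not OpenVPN's code: a simplified packet-ID replay window showing how a receiver ends up rejecting packets, as in the error quoted above, when two nodes send on one shared-key tunnel with independent packet-ID counters. That both CARP nodes were transmitting at once is an assumption, as are the window size, the class and function names, and the sample packet IDs.

```python
# Added illustration: simplified model of a packet-ID replay check.
# It is NOT OpenVPN's implementation; names and values are constructed.
from itertools import chain, zip_longest

WINDOW = 64  # sliding window size in packet IDs (assumed for this model)

class ReplayWindow:
    """Receiver state for one key: newest (time, seq) plus recently seen seqs."""
    def __init__(self):
        self.time = 0
        self.top = 0
        self.seen = set()

    def accept(self, time, seq):
        if time > self.time:            # sender started a newer ID sequence
            self.time, self.top, self.seen = time, seq, {seq}
            return True
        if time < self.time:            # older ID sequence: treated as replay
            return False
        if seq > self.top:              # window slides forward
            self.top = seq
            self.seen = {s for s in self.seen if s > seq - WINDOW}
            self.seen.add(seq)
            return True
        if seq <= self.top - WINDOW or seq in self.seen:
            return False                # too old, or a duplicate
        self.seen.add(seq)              # late but still inside the window
        return True

def sender(start_time, count):
    """Packet IDs from one node: fixed start time, seq counting from 1."""
    return [(start_time, seq) for seq in range(1, count + 1)]

def count_rejected(packets):
    win = ReplayWindow()
    return sum(1 for t, s in packets if not win.accept(t, s))

def interleave(a, b):
    return [p for p in chain.from_iterable(zip_longest(a, b)) if p is not None]

# Constructed input: primary started at t=1000, secondary at t=1100.
primary = sender(1000, 5)
secondary = sender(1100, 5)

if __name__ == "__main__":
    print("one sender, rejected:", count_rejected(primary))
    print("two senders, rejected:", count_rejected(interleave(primary, secondary)))
```

In this model every packet from the node with the older start time is rejected once the other node's packets have been seen, while a single sender is never rejected.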
