Netgate Discussion Forum

    VPN does not connect with CARP address but does with WAN address

    HA/CARP/VIPs
    9 Posts 3 Posters 3.4k Views
      bgibson

      Hello there,
      We have set up two pfSense boxes in full CARP failover. We have two WANs with 5 static IP addresses each. Other locations we have done this at work perfectly. Unfortunately, my setup here does not like the Virtual IP address created for my AT&T connection. When we configure the OpenVPN address with the CARP address, it will not connect. When it's set to the static IP, it works no problem. From what I have read, the issue seems to be with the DSL modem not having "promiscuous" mode enabled, or the VIP does not contain a MAC address so it cannot authenticate. Can anyone enlighten me on where the issue may reside? I've tried explaining the issue to AT&T, but I'm not sure they understand pfSense, or at least the techs I have talked to are not sure. We need this working since this location is not fully redundant. Any input would be great!

        bgibson

        Below is the OpenVPN error I get once we set the interface to the CARP address.
        May 21 15:40:32 openvpn[28266]: SIGUSR1[soft,ping-restart] received, process restarting
        May 21 15:40:34 openvpn[28266]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        May 21 15:40:34 openvpn[28266]: Re-using pre-shared static key
        May 21 15:40:34 openvpn[28266]: Preserving previous TUN/TAP instance: ovpnc2
        May 21 15:40:34 openvpn[28266]: UDPv4 link local (bound): x.x.x.x (carp address for Wan2)
        May 21 15:40:34 openvpn[28266]: UDPv4 link remote: x.x.x.x:x
        May 21 15:41:34 openvpn[28266]: Inactivity timeout (--ping-restart), restarting

          cmb

          What type of AT&T service is it? Uverse RGs require stupid config changes before additional IPs will work. That sounds like the IP isn't working at all, which makes me think Uverse and its usual problems.

            bgibson

            Thanks for the response! I'm going to call now, as this is our backup ISP and I'm not 100% sure if it's Uverse or not. Is this something they will be able to change and, if so, what am I asking them to change?

              bgibson

              From what AT&T could gather, I do not have a Uverse account. It's a business account with a DSL connection.

                bgibson

                Any other possibilities that would cause this?

                  MLIT

                  Can you connect another host to the public network on the non-working side? Try to connect the two hosts that are on the same network with OpenVPN. If it doesn't work, then it is not necessarily a problem with the AT&T modem causing the problem.

                  If it does work, everything is pointing to the modem. Do other services with CARP work fine?

                    bgibson

                    Yes, I can connect the two hosts using OpenVPN pointing to the WAN's static IP address, but when I point it to the CARP address, the VPN goes down and gives us the error listed above. My Time Warner Cable connection works fine; it's only with our AT&T connection. TWC is 35x5 with 5 static IPs, and our AT&T connection is 768x768 DSL with 5 static IPs.

                      MLIT

                      I think you misunderstood me, but I believe the issue is the DSL modem.

                      Can you get into your DSL modem? Generally, you can change its settings by browsing to the IP address that is the default gateway on the WAN for your DSL network.
