VPN auto reconnect
-
I have 2 pfsense machines which act in a failover formation (pfsync, carp, virtual ip's etc)
When I connect to the OpenVPN, I suspect that the connections go to the master pfsense machine which is all good. For testing, I unplugged the master and the backup then becomes the master.
However the VPN still thinks it is connected and I need to manually disconnect and reconnect it again which works but will be annoying if the VPN fails for all of our users.
I connect to the VPN via a shared virtual WAN IP which is NATed to local LAN virtual IP which the OpenVPN listens on.
Is there an option to detect a dead server and force a re connection so that it starts to use the backup instead?
This is my local OpenVPN config file:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
tls-remote myserver
auth-user-pass
pkcs12 myserver-udp-1194-myname.p12
tls-auth myserver-udp-1194-myname-tls.key 1
comp-lzo
remote-random
float
From the default config, I added:
remote-random
float
in the hope it would fix this.
Thanks in advance.
Graham
-
You want to bind the VPN to the CARP VIP, not to the "WAN" interface. You should not need two remote lines or remote-random.
For the client, try something like:
keepalive 10 60
ping-timer-rem
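As an added illustration (not code from this thread or from pfSense/OpenVPN), a small Python checker that expands the client-side keepalive shorthand and reports whether a client config can detect a dead server and restart; the sample config is constructed from the poster's file with the suggested directives appended.

```python
"""Audit an OpenVPN client config for dead-server detection settings."""

# Constructed sample: the poster's client config plus the suggested directives.
SAMPLE_CONFIG = """\
dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
tls-remote myserver
auth-user-pass
comp-lzo
remote-random
float
keepalive 10 60
ping-timer-rem
"""

def parse_config(text):
    """Return (directive, [args]) tuples, skipping blank and comment lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            parts = line.split()
            entries.append((parts[0], parts[1:]))
    return entries

def expand_keepalive(entries):
    """On a client, 'keepalive n m' is shorthand for 'ping n' + 'ping-restart m'."""
    out = []
    for name, args in entries:
        if name == "keepalive" and len(args) == 2:
            out.append(("ping", [args[0]]))
            out.append(("ping-restart", [args[1]]))
        else:
            out.append((name, args))
    return out

def audit(text):
    """Report ping interval, restart timeout, and redundant remote options."""
    entries = expand_keepalive(parse_config(text))
    names = [n for n, _ in entries]
    ping = next((int(a[0]) for n, a in entries if n == "ping"), None)
    restart = next((int(a[0]) for n, a in entries if n == "ping-restart"), None)
    remotes = names.count("remote")
    return {
        "ping_interval": ping,            # seconds between keepalive pings
        "restart_after": restart,         # seconds of silence before SIGUSR1 restart
        "dead_peer_detection": ping is not None and restart is not None,
        "ping_timer_rem": "ping-timer-rem" in names,  # timer only once a remote is known
        "remote_count": remotes,
        "remote_random_redundant": "remote-random" in names and remotes < 2,
    }
```

With the poster's single remote line, the audit flags remote-random as redundant and shows that keepalive 10 60 gives a 60-second silence window before the client restarts and reconnects to the CARP VIP.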
-
You want to bind the VPN to the CARP VIP, not to the "WAN" interface. You should not need two remote lines or remote-random.
For the client, try something like:
keepalive 10 60
ping-timer-rem
I actually bind the VPN to the CARP VIP on the LAN side and NAT through connections on the OpenLDAP port from the WAN to the LAN (I read to do it this way instead of binding to the WAN CARP VIP).
Does this change things?
-
As long as the port forward is on the CARP VIP, what I mentioned should be the same.
-
Those 2 settings worked perfectly thanks. (NAT was pointing to the CARP VIP :) )