CARP OpenVPN - still not working properly in 2.1
In 2.0.2 release and newer, you just need to bind the OpenVPN client instance to a CARP IP, and the system automatically handles starting/stopping the client instance with the CARP status.
I've just upgraded a pair of 2.01 firewalls to 2.1 that run are in a HA configuration with CARP - running an OpenVPN client and server.
The CARP backup firewall, which confirmed by the status as BACKUP - is repeatedly still trying to connect the OpenVPN tunnel.
Make sure the "interface" of the OpenVPN client is selected as a CARP VIP on WAN and not "WAN".