CARP & OpenVPN



  • Hi all,

    Is there a way to configure an OpenVPN server with a CARP VIP failover solution?

    I'm using pfSense 1.2RC4

    Best regards

    JMB



  • Up ???  ???



  • nobody ???  :'( :'(



  • No.  OpenVPN state would not be sync'd to the other CARP members.



    OK, thanks for that.

    So using the remote-random option on the client side will do the job for the moment.

    Regards



  • hi jmbo,

    I'm setting up one solution with CARP and OpenVPN.

    Some interesting things happen.

    In my setup:

    pfSense A - WAN is 199.a.b.52, it's the CARP master
    pfSense B - WAN is 199.a.b.53
    VIP WAN is 199.a.b.2

    I am using port 1194 TCP on OpenVPN

    and a road-warrior client calling address 199.a.b.2 connects with success
    calling address 199.a.b.52 connects with success
    calling address 199.a.b.53: no connection
    and the client log shows this:

    Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ [22] from 199.a.b.53:1194: P_ACK_V1 kid=0 [ 30 ]


    Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
    Sat Feb 09 12:47:02 2008 us=468000 TCP/UDP: Closing socket
    Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting

    Any idea?

    We can test our configs to find a solution?



  • All working…..

    I have two boxes configured with CARP ... all is working ....
    The problems with OpenVPN stopped when I deleted everything OpenVPN-related on the master.
    Look, my master (first box) was configured with OpenVPN when I decided to have a CARP solution (second box).

    Step by step, I did:

    • Back up all data on the OpenVPN config page (Ca.crt, server.key, server.crt, server.dh) and clean all fields.
    • Deleted the server config on OpenVPN. When all was clean on both boxes, reboot.
    • With the master box off, I did all the OpenVPN config on the slave box, then started the master box and did the config there too. The configs are exactly the same.
      In my road-warrior clients I made a connection to 1194 TCP on the VIP address of the WAN.
      Now my clients can connect to the master or slave box; when the master goes down, connections are dropped and re-established in seconds. When the master returns again, connections are dropped and reconnected.
      No more errors connecting on the slave when master was off.
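
An added example, not written by any poster in this thread: a small Python log triage that reads an OpenVPN client log in the format quoted above and attributes each `AUTH_FAILED` or completed connection to the server address last seen, which shows which CARP member is rejecting clients. The sample lines are constructed from the thread's redacted addresses, the function names are hypothetical, and it assumes the log verbosity is high enough to print the `READ ... from <address>` lines.

```python
import re

# Constructed sample, modelled on the client log quoted in the thread.
SAMPLE_LOG = """\
Sat Feb 09 12:40:10 2008 us=100000 TCPv4_CLIENT READ [22] from 199.a.b.2:1194: P_ACK_V1 kid=0 [ 30 ]
Sat Feb 09 12:40:11 2008 us=200000 Initialization Sequence Completed
Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ [22] from 199.a.b.53:1194: P_ACK_V1 kid=0 [ 30 ]
Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting
"""

# "Sat Feb 09 12:47:02 2008 us=265000 <message>"
LINE_RE = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} us=\d+ (?P<msg>.*)$")
# "... from 199.a.b.53:1194: ..." (also matches the redacted form used above)
PEER_RE = re.compile(r"\bfrom (?P<peer>[^\s:]+:\d+):")


def outcomes_by_peer(log_text):
    """Count completed and auth-failed attempts per server address."""
    results = {}
    peer = "unknown"  # used if an outcome appears before any peer line
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line in another format
        msg = m.group("msg")
        seen = PEER_RE.search(msg)
        if seen:
            peer = seen.group("peer")
            results.setdefault(peer, {"ok": 0, "auth_failed": 0})
        elif "AUTH_FAILED" in msg:
            results.setdefault(peer, {"ok": 0, "auth_failed": 0})["auth_failed"] += 1
        elif "Initialization Sequence Completed" in msg:
            results.setdefault(peer, {"ok": 0, "auth_failed": 0})["ok"] += 1
    return results


def rejecting_peers(log_text):
    """Server addresses that answered at least one attempt with AUTH_FAILED."""
    return sorted(p for p, c in outcomes_by_peer(log_text).items() if c["auth_failed"])


if __name__ == "__main__":
    for addr, counts in outcomes_by_peer(SAMPLE_LOG).items():
        print(addr, counts)
    print("rejecting:", rejecting_peers(SAMPLE_LOG))
```

A member that shows up only under `rejecting_peers` while the VIP and the other member complete is the one whose OpenVPN server settings or key material should be compared against the working box.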
