CARP & OpenVPN
Is there a way to configure an OpenVPN server with a CARP VIP failover solution?
I'm using pfSense 1.2RC4.
Up ??? ???
nobody ??? :'( :'(
sullrich last edited by
No. OpenVPN state would not be sync'd to the other CARP members.
OK, thanks for that.
So using the remote-random option on the client side will do the job for the moment.
dhipo last edited by
I am setting up a solution with CARP and OpenVPN.
Something interesting happens.
In my setup:
pfSense A - WAN is 199.a.b.52, it's the CARP master
pfSense B - WAN is 199.a.b.53
WAN VIP is 199.a.b.2
I am using port 1194 TCP for OpenVPN,
and a road-warrior client calling address 199.a.b.2 connects with success,
calling address 199.a.b.52 connects with success,
calling address 199.a.b.53 gets no connection,
and the client log shows this:
Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ  from 199.a.b.53:1194: P_ACK_V1 kid=0 [ 30 ]
Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
Sat Feb 09 12:47:02 2008 us=468000 TCP/UDP: Closing socket
Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting
Any idea?
Can we test our configs to find a solution?
dhipo last edited by
I have two boxes configured with CARP... all is working.
The problems with OpenVPN stopped when I deleted everything OpenVPN-related on the master.
Look, my master (first box) was configured with OpenVPN when I decided to have a CARP solution (second box).
Step by step, I did:
- Back up all data on the OpenVPN config page (Ca.crt, server.key, server.crt, server.dh) and clear all fields.
- Deleted the server config on OpenVPN. When all was clean on both boxes, reboot.
- With the master box off I did all the OpenVPN config on the slave box, then started the master box and did the config there too. The configs are exactly the same.
On my road-warrior clients I set up a connection to 1194 TCP on the VIP address of the WAN.
Now my clients can connect to the master or the slave box. When the master goes down, connections are dropped and re-established in seconds. When the master returns again, connections are dropped and reconnected.
No more errors connecting to the slave when the master was off.
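
To see from a client log which CARP member is rejecting authentication, as in the log quoted earlier in this thread, the sketch below attributes each AUTH_FAILED or completed session to the last server address seen. It is an added example, not part of the original posts; the function names and the 199.a.b.52 sample lines are assumptions, and the line format handled is the one shown in the thread.

```python
import re
from datetime import datetime

# Constructed sample: the 199.a.b.53 lines follow the log quoted in the thread
# (addresses redacted as on the page); the 199.a.b.52 lines are made up.
SAMPLE_LOG = """\
Sat Feb 09 12:47:02 2008 us=265000 TCPv4_CLIENT READ  from 199.a.b.53:1194: P_ACK_V1 kid=0 [ 30 ]
Sat Feb 09 12:47:02 2008 us=468000 AUTH: Received AUTH_FAILED control message
Sat Feb 09 12:47:02 2008 us=468000 TCP/UDP: Closing socket
Sat Feb 09 12:47:02 2008 us=468000 SIGTERM[soft,auth-failure] received, process exiting
Sat Feb 09 12:48:10 2008 us=100000 TCPv4_CLIENT READ from 199.a.b.52:1194: P_ACK_V1 kid=0 [ 30 ]
Sat Feb 09 12:48:11 2008 us=300000 Initialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) us=(\d+) (.*)$")
PEER = re.compile(r"\b(?:READ|WRITE)\s+(?:from|to)\s+(\S+):(\d+):")


def outcomes_by_peer(log_text):
    """Return {"host:port": [(timestamp, "AUTH_FAILED" | "CONNECTED"), ...]}."""
    results = {}
    peer = None  # last server address seen in a packet line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped log records
        stamp, micros, msg = m.groups()
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y").replace(microsecond=int(micros))
        p = PEER.search(msg)
        if p:
            peer = f"{p.group(1)}:{p.group(2)}"
        elif "AUTH_FAILED" in msg:
            results.setdefault(peer or "unknown", []).append((when, "AUTH_FAILED"))
        elif "Initialization Sequence Completed" in msg:
            results.setdefault(peer or "unknown", []).append((when, "CONNECTED"))
    return results


def rejecting_peers(log_text):
    """Peers that only ever answered with AUTH_FAILED (never completed a session)."""
    return sorted(peer for peer, events in outcomes_by_peer(log_text).items()
                  if all(kind == "AUTH_FAILED" for _, kind in events))


if __name__ == "__main__":
    for peer, events in outcomes_by_peer(SAMPLE_LOG).items():
        for when, kind in events:
            print(when.isoformat(), peer, kind)
    print("rejecting:", rejecting_peers(SAMPLE_LOG))
```

A member that appears in `rejecting_peers` while the other member connects points at a difference in the OpenVPN server settings between the two boxes.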