Netgate Discussion Forum

    Reach slave HA node from Openvpn Client

    • ilbicio

      Hello,
      Supposing an HA setup of two pfSense units, A and B, with OpenVPN running on a CARP IP on the WAN interface, I can't figure out a way to reach firewall B when I'm connected to OpenVPN (for management purposes) running on master node A.
      Has anyone done this?

      • Derelict LAYER 8 Netgate

        Yeah that's tricky because the OpenVPN routes are not on the Backup. You can route to it but it has no route to get back to you.

        You could set up an outbound NAT on each LAN that NATs the source address of the VPN endpoint to the LAN address of the Master unit.

        You could ssh into the Master unit (or anything else that can route to the backup unit) and do a Local tunnel to the Backup unit.

        If the Master is 192.168.1.2 and the Backup is 192.168.1.3:

        ssh root@192.168.1.2 -L 8443:192.168.1.3:443

        Then tell your browser to connect to https://127.0.0.1:8443/

        You could RDP into a management host that can route to the backup unit and manage it from there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
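
The return-path problem described in the post above, modelled as a longest-prefix route lookup (an added example, not part of the original thread or of pfSense). The tunnel network 10.8.0.0/24, the client address 10.8.0.6 and the next-hop labels are assumptions; the LAN addresses are the ones used in the post.

```python
import ipaddress

def table(entries):
    """Build a routing table as (network, next-hop label) pairs."""
    return [(ipaddress.ip_network(net), via) for net, via in entries]

def next_hop(routes, dst):
    """Longest-prefix match, as a router does for each outgoing packet."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing: Master 192.168.1.2 and Backup 192.168.1.3 come from
# the post; the tunnel network, client address and labels are assumptions.
CLIENT = "10.8.0.6"
MASTER_LAN = "192.168.1.2"
LAN, WAN, TUNNEL = "lan (on-link)", "wan gateway", "openvpn tunnel"

# Only the unit that is running the OpenVPN server has the tunnel route.
MASTER = table([("0.0.0.0/0", WAN), ("192.168.1.0/24", LAN),
                ("10.8.0.0/24", TUNNEL)])
BACKUP = table([("0.0.0.0/0", WAN), ("192.168.1.0/24", LAN)])

def backup_reply(source_seen_by_backup):
    """Next hop the Backup picks for its reply to that source address."""
    return next_hop(BACKUP, source_seen_by_backup)

def round_trip_ok(source_seen_by_backup):
    """True when the reply returns over the LAN to the Master, which can
    then deliver it to the client through the tunnel."""
    return (backup_reply(source_seen_by_backup) == LAN
            and next_hop(MASTER, CLIENT) == TUNNEL)

if __name__ == "__main__":
    # No NAT: the Backup sees the client's tunnel address and its reply
    # follows the default route out the WAN, so it never reaches the client.
    print("no NAT     ->", backup_reply(CLIENT), round_trip_ok(CLIENT))
    # Outbound NAT on LAN, or an SSH local forward from the Master: the
    # Backup sees the Master's LAN address and replies on-link.
    print("NAT to LAN ->", backup_reply(MASTER_LAN), round_trip_ok(MASTER_LAN))
```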

        • jimp Rebel Alliance Developer Netgate

          https://doc.pfsense.org/index.php/CARP_Secondary_Unreachable_Over_VPN

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.