Reach slave HA node from Openvpn Client
-
Hello,
Supposing an HA setup of two pfSense units, A and B, with OpenVPN running on a CARP IP on the WAN interface, I can't figure out a way to reach firewall B when I'm connected to OpenVPN (for management purposes) running on the master node A.
Has anyone done this? -
Yeah that's tricky because the OpenVPN routes are not on the Backup. You can route to it but it has no route to get back to you.
You could set up an outbound NAT on each LAN that NATs the source address of the VPN endpoint to the LAN address of the Master unit.
You could ssh into the Master unit (or anything else that can route to the backup unit) and do a Local tunnel to the Backup unit.
If the Master is 192.168.1.2 and the Backup is 192.168.1.3:
ssh root@192.168.1.2 -L 8443:192.168.1.3:443
Then tell your browser to connect to https://127.0.0.1:8443/
You could RDP into a management host that can route to the backup unit and manage it from there.
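For the outbound NAT approach in the reply above, this is what the rule amounts to in pf syntax, written here as an added illustration rather than anything taken from the thread or generated by pfSense itself. The OpenVPN tunnel subnet (10.8.0.0/24), the LAN interface name (em1) and the two LAN addresses are assumptions chosen to match the 192.168.1.2 / 192.168.1.3 example given in the reply; pfSense builds the equivalent rule from a Firewall > NAT > Outbound entry (hybrid or manual mode) on the master.

```pf
# Added example: outbound NAT on the MASTER unit's LAN interface.
# Purpose: traffic arriving from the OpenVPN tunnel and destined for the
# backup unit leaves the master with the master's own LAN address as source,
# so the backup (which has no route back into the tunnel subnet) replies to
# the master, which then forwards the reply back through the VPN.
# All addresses and the interface name below are assumptions, not values
# from the thread or from pfSense.

lan_if     = "em1"              # master's LAN interface (assumed)
ovpn_net   = "10.8.0.0/24"      # OpenVPN tunnel network (assumed)
master_lan = "192.168.1.2"      # master unit's own LAN address (not the CARP VIP)
backup_lan = "192.168.1.3"      # backup unit's LAN address

# Only VPN clients talking to the backup are translated; everything else on
# the LAN keeps its real source address, so logging on the backup still shows
# genuine LAN clients correctly.
nat on $lan_if inet from $ovpn_net to $backup_lan -> $master_lan
```

The rule is deliberately narrow (source = tunnel subnet, destination = backup unit only), so the backup's firewall logs and anti-lockout behaviour are unaffected for ordinary LAN hosts; only management sessions from VPN clients appear to come from the master. The same rule has to exist on the backup as well if the roles can swap during a failover, with the source translated to the backup's own LAN address in that copy.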
-
https://doc.pfsense.org/index.php/CARP_Secondary_Unreachable_Over_VPN