OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: lau.xiong on March 28, 2019, 03:17:39 pm
-
I cannot get OpenVPN working on my OPNsense cluster.
Please review the configuration attachments.
I can ping the external virtual IP (3.20.150.240), but I cannot get OpenVPN to work on any of the IPs:
3.20.150.240 (VIP)
3.20.150.243 (First OPNsense Host)
3.20.150.244 (Second OPNsense Host)
Thanks,
Lau
-
Where is the screenshot of your OpenVPN server config?
-
I do not believe it is an issue with VPN configuration as I can connect fine if I'm not using CARP.
Anyway, here is the OpenVPN server configuration.
I am missing a NAT/Firewall rule somewhere, but I am too inexperience to know where.
-
If you use carp, Open VPN Interface has to be a carp Interface
-
This is my problem. The CARP virtual interface reponds to pings, but it will not allow OpenVPN to work--possibly I am missing some NAT/firewall rule.
vpn1 - WAN 3.20.150.243
vpn2 - WAN 3.20.150.244
CARP VIP - 3.20.150.240
All IPs respond to pings, but OpenVPN does not work on either of these IPs. If I break CARP, OpenVPN works find on 3.20.150.243 and 3.20.150.244 and 3.20.150.240 no longer responds to pings.
This indicates that I have the CARP set up properly because they do sync up.
I am hoping that someone can look at my NAT configuration and tell me what I am missing.
Thanks,
Chris
-
You can't use the CARP IP when you have set interface to any in server config.
Select your CARP IP there and it'll work
-
@ minugmail, please excuse this blockhead of mine.
I assume you meant that I need to do something like the attached screenshot?
-
Yep, this works. Set up yesterday for a customer