OPNsense Forum

English Forums => Virtual private networks => Topic started by: random1104 on July 13, 2021, 04:20:50 am

Title: Bind to more than one CARP IP
Post by: random1104 on July 13, 2021, 04:20:50 am
Hello! Is it possible to bind an OpenVPN server to more than one CARP IP? (One for IPv4 and one for IPv6)
Title: Re: Bind to more than one CARP IP
Post by: franco on July 13, 2021, 08:56:23 am
Dual stack support in OpenVPN is almost nonexistent except for the default that listens to all addresses (IPv4 and IPv6). As soon as you give it an address it switches to that particular address family.

For an ancient feature request see https://community.openvpn.net/openvpn/ticket/556


Cheers,
Franco


Title: Re: Bind to more than one CARP IP
Post by: random1104 on July 19, 2021, 03:08:09 am
So, instead of setting up two servers, can I bind to all and only allow access to the CARP address via firewall rules?
Title: Re: Bind to more than one CARP IP
Post by: franco on July 19, 2021, 10:08:26 am
Yes, correct.
Title: Re: Bind to more than one CARP IP
Post by: random1104 on July 27, 2021, 12:01:41 pm
Will that hinder functionality in a CARP setup? (Wondering if the OpenVPN implementation does anything differently when set to bind only to a CARP IP)
Title: Re: Bind to more than one CARP IP
Post by: franco on July 27, 2021, 12:05:00 pm
Not really. You can even use port forwards to make it work across different interfaces. In that case you don't even strictly need CARP.

The OpenVPN limitation is just that when you bind to a VIP you have to choose if your service is IPv4 or IPv6. You need two instances if you want to support both IPv4 and IPv6.


Cheers,
Franco
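
The two options discussed in this thread, as an added example that is not part of any post and is not OPNsense or OpenVPN code: it plans one instance per bound VIP, and for the "bind to all" option it audits a rule set to confirm that only the CARP VIPs are reachable on the VPN port. The addresses (documentation ranges), port 1194, the `(destination network, port)` rule tuples and all function names are assumptions made for illustration; the rule model is simplified and is not pf syntax.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: documentation-range addresses, not from the thread.
CARP_VIPS = ["192.0.2.10", "2001:db8::10"]
# Every address configured on this node: its own interface IPs plus the VIPs.
LOCAL_ADDRS = ["192.0.2.2", "2001:db8::2", "198.51.100.2"] + CARP_VIPS
VPN_PORT = 1194  # assumed listener port


def instances_for_vip_binding(vips):
    """Binding to an address fixes the address family: one instance per VIP."""
    return [("inet6" if ip_address(v).version == 6 else "inet", v) for v in vips]


def exposed_addresses(pass_rules, local_addrs=LOCAL_ADDRS, port=VPN_PORT):
    """With a wildcard bind, the service answers on every local address that
    some pass rule (destination network, port) lets through."""
    hit = set()
    for addr in map(ip_address, local_addrs):
        for dst, rule_port in pass_rules:
            net = ip_network(dst)
            if rule_port == port and addr.version == net.version and addr in net:
                hit.add(str(addr))
    return hit


def audit(pass_rules, vips=CARP_VIPS):
    """Return (VIPs not reachable, non-VIP addresses reachable) for a rule set."""
    hit = exposed_addresses(pass_rules)
    return sorted(set(vips) - hit), sorted(hit - set(vips))


# Host-only destinations: exactly the two VIPs are reachable.
TIGHT = [("192.0.2.10/32", 1194), ("2001:db8::10/128", 1194)]
# Subnet destination: the node's own 192.0.2.2 is reachable too, IPv6 VIP is not.
LOOSE = [("192.0.2.0/24", 1194)]

if __name__ == "__main__":
    print("instances when binding to VIPs:", instances_for_vip_binding(CARP_VIPS))
    print("tight rules (missing, unintended):", audit(TIGHT))
    print("loose rules (missing, unintended):", audit(LOOSE))
```

A non-empty second list means clients can reach the listener on a node-specific address that does not move with CARP failover.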