OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Arakangel Michael on May 10, 2017, 07:22:12 pm

Title: OpenVPN service on backup firewall not starting; no logs
Post by: Arakangel Michael on May 10, 2017, 07:22:12 pm
I've built 2 HA clusters using 17.1. All the same hardware.

XMLRPC sync works fine.
VPN on the master works fine. (Service start, logs, connectivity, etc.)
WAN is a CARP VIP.
Everything else works fine.

The backup firewall cannot start its OpenVPN service. There are no logs in the firewall.

The 2nd pair of firewalls is a bit more interesting. I had to use IP Alias for both LAN / WAN. CARP didn't work with the switch for some reason. The first OpenVPN synced, and starts on both firewalls. I set up a 2nd VPN using the wizard, and it syncs fine, but the service for it won't start on the backup firewall. I set the logging to 11 on the master, which synced to the backup, but no logs for service start on the backup.

The primary VPN is WAN > LAN
The 2nd VPN is for LAN > Management

The 2nd instance is using 1195 UDP, and 192.168.11.0/24 to differ from the primary VPN.

The goal is to require multifactor VPN to the firewall before being able to access administrative interfaces on the network devices.

Is there anything else I can check here?

What are the recommendations to have the firewall segment traffic depending on VPN type, or user? I only see the 'OpenVPN' interface listed under Firewall > Rules. The ovpns1, and ovpns2 aren't defined in the GUI that I can see.