OpenVPN and CARP not Working

Started by lau.xiong, March 28, 2019, 03:17:39 PM

I cannot get OpenVPN working on my OPNsense cluster.

Please review the configuration attachments.

I can ping the external virtual IP (3.20.150.240), but I cannot get OpenVPN to work on any of the IPs:

3.20.150.240 (VIP)
3.20.150.243 (First OPNsense Host)
3.20.150.244 (Second OPNsense Host)


Thanks,

Lau


   

Where is the screenshot of your OpenVPN server config?

I do not believe it is an issue with VPN configuration as I can connect fine if I'm not using CARP.

Anyway, here is the OpenVPN server configuration.

I am missing a NAT/Firewall rule somewhere, but I am too inexperienced to know where.

If you use CARP, the OpenVPN interface has to be a CARP interface.

This is my problem. The CARP virtual interface responds to pings, but it will not allow OpenVPN to work--possibly I am missing some NAT/firewall rule.

vpn1 - WAN 3.20.150.243
vpn2 - WAN 3.20.150.244

CARP VIP - 3.20.150.240

All IPs respond to pings, but OpenVPN does not work on either of these IPs. If I break CARP, OpenVPN works fine on 3.20.150.243 and 3.20.150.244 and 3.20.150.240 no longer responds to pings.

This indicates that I have the CARP set up properly because they do sync up.

I am hoping that someone can look at my NAT configuration and tell me what I am missing.

Thanks,

Chris

You can't use the CARP IP when you have set the interface to "any" in the server config.
Select your CARP IP there and it'll work.

March 29, 2019, 04:24:05 PM #6 Last Edit: March 29, 2019, 04:29:39 PM by lau.xiong
@ minugmail, please excuse this blockhead of mine.

I assume you meant that I need to do something like the attached screenshot?

Yep, this works. Set up yesterday for a customer.