OpenVPN and CARP not Working

[lau.xiong]

I cannot get OpenVPN working on my OPNsense cluster.

Please review the configuration attachments.

I can ping the external virtual IP (3.20.150.240), but I cannot get OpenVPN to work on any of the IPs:

3.20.150.240 (VIP)
3.20.150.243 (First OPNsense Host)
3.20.150.244 (Second OPNsense Host)


Thanks,

Lau


   

[mimugmail]

Where is the screenshot of your OpenVPN server config?

[lau.xiong]

I do not believe it is an issue with VPN configuration as I can connect fine if I'm not using CARP.

Anyway, here is the OpenVPN server configuration.

I am missing a NAT/Firewall rule somewhere, but I am too inexperience to know where.

[mimugmail]

If you use carp, Open VPN Interface has to be a carp Interface

[lau.xiong]

This is my problem. The CARP virtual interface reponds to pings, but it will not allow OpenVPN to work--possibly I am missing some NAT/firewall rule.

vpn1 - WAN 3.20.150.243
vpn2 - WAN 3.20.150.244

CARP VIP - 3.20.150.240

All IPs respond to pings, but OpenVPN does not work on either of these IPs. If I break CARP, OpenVPN works find on 3.20.150.243 and 3.20.150.244 and 3.20.150.240 no longer responds to pings.

This indicates that I have the CARP set up properly because they do sync up.

I am hoping that someone can look at my NAT configuration and tell me what I am missing.

Thanks,

Chris

[mimugmail]

You can't use the CARP IP when you have set interface to any in server config.
Select your CARP IP there and it'll work

[lau.xiong]

@ minugmail, please excuse this blockhead of mine.

I assume you meant that I need to do something like the attached screenshot?

[mimugmail]

Yep, this works. Set up yesterday for a customer