I wonder if it's possible to force the OpenVPN client to use my CARP IP
address as the source address when connecting. I have a
redundant/failover setup and I'm allowed to use only one IP address to
connect to the VPN server.

I'm using 1.2-RC4-pfSense on my test box.
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 10.0.2.1 netmask 0xffff0000 broadcast 10.0.255.255
        inet6 fe80::215:17ff:fe51:4a16%em0 prefixlen 64 scopeid 0x1
        ether 00:15:17:51:4a:16
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        lagg: laggdev lagg0
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 192.168.0.220 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::215:17ff:fe51:4a17%em1 prefixlen 64 scopeid 0x2
        ether 00:15:17:51:4a:17
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
        inet6 fe80::21c:23ff:fee1:f7d1%bge0 prefixlen 64 scopeid 0x3
        ether 00:1c:23:e1:f7:d1
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet 10.0.2.4 netmask 0xffff0000 broadcast 10.0.255.255
        inet6 fe80::21c:23ff:fee1:f7d2%bge1 prefixlen 64 scopeid 0x4
        ether 00:15:17:51:4a:16
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        lagg: laggdev lagg0
pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncdev: bge0 syncpeer: 224.0.0.240 maxupd: 128
enc0: flags=0<> mtu 1536
pflog0: flags=100<PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.0.223 netmask 0xffffff00
        carp: MASTER vhid 11 advbase 1 advskew 0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::215:17ff:fe51:4a16%tun0 prefixlen 64 scopeid 0xa
        inet 192.168.66.1 --> 192.168.66.2 netmask 0xffffffff
        Opened by PID 360
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.2.6 netmask 0xffff0000 broadcast 10.0.255.255
        inet6 fe80::215:17ff:fe51:4a16%lagg0 prefixlen 64 scopeid 0xb
        ether 00:15:17:51:4a:16
        media: Ethernet autoselect
        status: active
        lagg: laggproto failover
        laggport bge1 =4<ACTIVE>
        laggport em0 =5<MASTER,ACTIVE>
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         0     1568    em1
10/16              link#11            UCS         0        0  lagg0
10.0.1.10          00:1c:23:74:09:be  UHLW        1       50  lagg0   1141
10.0.1.11          00:1c:23:74:09:0d  UHLW        1       32  lagg0   1164
10.0.2.6           00:15:17:51:4a:16  UHLW        1       66    lo0
10.0.2.7           00:15:17:51:3f:2e  UHLW        1       60  lagg0    337
10.0.2.10          00:19:b9:eb:62:7d  UHLW        1     7886  lagg0   1165
10.0.2.20          00:19:b9:eb:62:b9  UHLW        1     5691  lagg0   1170
10.0.3.10          00:1c:23:c7:60:cd  UHLW        1     8590  lagg0   1176
10.0.3.20          00:1c:23:c7:62:97  UHLW        1     5886  lagg0   1155
10.1/24            link#3             UC          0        0   bge0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0          link#2             UC          0        0    em1
192.168.0.1        00:17:9a:58:20:3f  UHLW        2      556    em1     56
192.168.0.121      00:1a:92:8a:86:36  UHLW        1    15859    em1   1138
192.168.0.220      00:15:17:51:4a:17  UHLW        1       66    lo0
192.168.0.223      192.168.0.223      UH          0        0  carp0
192.168.66         192.168.66.2       UGS         0     9889   tun0
192.168.66.2       192.168.66.1       UH          1        0   tun0