Hello folks, I have 2 pfSense firewall devices with failover using CARP, and a functioning OpenVPN server working on the master device over the virtual CARP IP address. I want to have another OpenVPN server running on the WAN IP address of the secondary device (after disabling XML RPC sync of VPN configurations), so that we can connect to it directly for a period of time during a maintenance period.

I have the second VPN server configured exactly as the functioning server. However, when I connect, I'm told:

> Incoming packet rejected from [AF_INET]X.X.X.1:1194[2], expected peer address: [AF_INET]X.X.X.2:1195 (allow this incoming source address/port by removing --remote or adding --float)

So I attempted to use the 'float' option on the client, which allowed for getting that to be quiet. However, I then received this:

> TLS Error: local/remote TLS keys are out of sync: [AF_INET]X.X.X.1:1194 [0]

When looking at the OpenVPN configuration documentation, I'm told I can use the 'local X.X.X.2' server setting, which I thought would be effected by choosing that IP address in the pfSense settings for the OpenVPN server. In any case, the packets seem to be getting NAT applied to make them come from the CARP VIP X.X.X.1. Anyone have any idea what I might be doing wrong? Thanks!

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
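For reference, here is what the two endpoints described in the post look like as plain OpenVPN directives, written as an added example rather than taken from the poster's pfSense export. The addresses X.X.X.1 (CARP VIP, port 1194) and X.X.X.2 (secondary WAN, port 1195) are the post's placeholders; everything else (certificate file names, subnet) is assumed.

```conf
# --- Secondary server (bound to the secondary node's own WAN address) ---
# 'local' pins the listening socket to X.X.X.2 so replies are sourced from it
# instead of whichever address the routing table or outbound NAT prefers.
# This is the directive the post refers to; in pfSense it corresponds to the
# interface/IP selection of the OpenVPN server instance.
local X.X.X.2
port 1195
proto udp
dev tun
ca /var/etc/openvpn/server2/ca.crt          # assumed paths
cert /var/etc/openvpn/server2/server.crt
key /var/etc/openvpn/server2/server.key
dh /var/etc/openvpn/server2/dh.pem
server 10.8.2.0 255.255.255.0               # assumed tunnel subnet
keepalive 10 60

# --- Client for the maintenance window ---
client
dev tun
proto udp
remote X.X.X.2 1195
# Do NOT add 'float' here. The "expected peer address" rejection seen in the
# post is the client enforcing that datagrams come from the peer it dialled;
# 'float' silences that check and accepts replies from any source, which then
# surfaces as "TLS keys are out of sync" when X.X.X.1:1194 (the primary's
# server on the CARP VIP) answers instead of X.X.X.2:1195.
# float
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
```

If the client still logs replies arriving from X.X.X.1:1194 with this configuration, the source rewrite is happening outside OpenVPN, which is the outbound NAT on the secondary node (the CARP VIP being chosen as NAT address) that the post suspects; the fix then belongs in the outbound NAT rules, not in the client.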