Hello, I now have an HA cluster of 2 pfSense boxes pretty much well set up, everything working as expected, except one thing. Connecting to a remote access OpenVPN server on the WAN CARP IP fails here:

Apr 25 19:29:36: Vérification du statut d'accessibilité de la connexion ...
Apr 25 19:29:36: La connexion est accessible. Tentative de démarrage de la connexion.
Apr 25 19:29:38: OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 2 2016
Apr 25 19:29:38: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
Apr 25 19:30:00: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.5wkLkh/ta.key' as a OpenVPN static key file
Apr 25 19:30:00: UDPv4 link local (bound): [undef]
Apr 25 19:30:00: UDPv4 link remote: [AF_INET]w.x.y.z:1194
...

and after a timeout:

Apr 25 19:31:00: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 25 19:31:00: TLS Error: TLS handshake failed
Apr 25 19:31:00: SIGUSR1[soft,tls-error] received, process restarting
Apr 25 19:31:01: UDPv4 link local (bound): [undef]
Apr 25 19:31:01: UDPv4 link remote: [AF_INET]w.x.y.z:1194
...

When connecting to either box's non-CARP WAN address, i.e. w.x.y.z+1 or z+2 in this example, it works.

Even accepting UDP OpenVPN on destination Any does not fix it. So this does not look like a filter rule issue. Is there something particular to take into account regarding UDP traffic toward the WAN CARP IP or something specific regarding OpenVPN?

I can live with having to establish VPN to the primary box and change it should it fail (this is for maintenance only of the resources behind the firewall), but I find it strange it does not work on the CARP IP. What obvious thing did I miss?

--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
