I'm not an expert here but what I understand is: while you can use pfsync to 
sync raw connection states the daemon(s) aren't 'aware' of those per se.  You 
basically have 3 options that I can think of:

1. Let the daemon run on the WAN interface of each router and configure your 
   clients with both IPs.
2. Use carp (clients configured to point to the single floating IP).
   (Either of the above will require a client reconnect if the 'active' 
   machine goes down.)
3. Try to set up an active/active *cluster* scenario (see [1] below) 
   (leveraging pfsync perhaps).  In order to do so I think you'd need 
   clustered fs storage (glusterfs, nfs, etc) and maybe even OpenVPN-AS.

If anyone knows how to achieve a full active/active cluster in pfsense I'd love 
to know how.
Travis Hansen travisghan...@yahoo.com

[1] https://docs.openvpn.net/how-to-tutorialsguides/administration/active-active-high-availability-setup-for-openvpn-access-server/

    On Monday, April 25, 2016 2:11 PM, WebDawg <webd...@gmail.com> wrote:
 

 On Mon, Apr 25, 2016 at 2:12 PM, Steve Yates <st...@teamits.com> wrote:

> I missed that also, way back when, thanks.  We had been connecting to
> either router1 or router2's WAN IP.  If router2 is not the CARP master, you
> can connect to it, but it will try to send the response back out through
> router1 so one can't get bi-directional communication.
>
> --
>
> Steve Yates
> ITS, Inc.
>
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier
> Mascia
> Sent: Monday, April 25, 2016 1:49 PM
> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> Subject: Re: [pfSense] HA and OpenVPN
>
> > On 25 Apr 2016, at 20:04, Travis Hansen <travisghan...@yahoo.com> wrote:
> > Did you select the carp IP as the 'interface' in the openvpn server
> config? or do you just have WAN selected?
>
>
> > On 25 Apr 2016, at 20:21, Brady, Mike <mike.br...@devnull.net.nz> wrote:
> > Did you change the OpenVPN configured Interface to be the VIP rather
> than the WAN?
>
>
> No, I didn't. :(  That was the stupid mistake I was looking for.
> Thank you Brady and Travis.
>
> --
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>

OpenVPN I think has failover, multiple hostnames, can you utilize that?
Configure both systems at once?  Two different ports?