I'm not an expert here but what I understand is: while you can use pfsync to
sync raw connection states the daemon(s) aren't 'aware' of those per-se. You
basically have 3 options that I can think of..
1. Let the daemon run on the WAN interface of each router and configure your
clients with both IPs2. Use carp (clients configured to point the the single
floating IP)(either of the above will require a client reconnect if the
'active' machine goes down)3. Try to setup an active/active *cluster* scenario
(see #1 below) (leveraging pfsync perhaps). In order to do so I think you'd
need clustered fs storage (glusterfs, nfs, etc) and maybe even OpenVPN-AS.
If anyone knows how to achieve a full active/active cluster in pfsense I'd love
to know how.
Travis Hansen [email protected]
[1]
https://docs.openvpn.net/how-to-tutorialsguides/administration/active-active-high-availability-setup-for-openvpn-access-server/
On Monday, April 25, 2016 2:11 PM, WebDawg <[email protected]> wrote:
On Mon, Apr 25, 2016 at 2:12 PM, Steve Yates <[email protected]> wrote:
> I missed that also, way back when, thanks. We had been connecting to
> either router1 or router2's WAN IP. If router2 is not the CARP master, you
> can connect to it, but it will try to send the response back out through
> router1 so one can't get bi-directional communication.
>
> --
>
> Steve Yates
> ITS, Inc.
>
>
> -----Original Message-----
> From: List [mailto:[email protected]] On Behalf Of Olivier
> Mascia
> Sent: Monday, April 25, 2016 1:49 PM
> To: pfSense Support and Discussion Mailing List <[email protected]>
> Subject: Re: [pfSense] HA and OpenVPN
>
> > Le 25 avr. 2016 à 20:04, Travis Hansen <[email protected]> a
> écrit :
> > Did you select the carp IP as the 'interface' in the openvpn server
> config? or do you just have WAN selected?
>
>
> > Le 25 avr. 2016 à 20:21, Brady, Mike <[email protected]> a
> écrit :
> > Did you change the OpenVPN configured Interface to be the VIP rather
> than the WAN?
>
>
> No, I didn't. :( That was the stupid mistake I was looking after.
> Thank you Brady and Travis.
>
> --
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
OpenVPN I think has failover, multiple hostnames, can you utilize that?
Configure both systems at once? Two different ports?
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
