Yeah unique subnet on both ends. And the VPN is going to whatever the master is because the user is connected to the WAN VIP, and I confirmed that the connection is active on the master pfsense unit. The problem was reproduced on multiple laptops that connect remotely.
On Fri, May 12, 2017 at 12:49 PM Steve Yates <st...@teamits.com> wrote: > Wandering on by...we have OpenVPN set up on the WAN interfaces so that > should work. Haven't gotten around to moving it to the CARP VIP. However > I've found if you have HA and try to OpenVPN in directly to router2 while > router1 is the Master, that doesn't work. > > Is OpenVPN using a unique subnet at both ends (you and pfSense)? > > -- > > Steve Yates > ITS, Inc. > > -----Original Message----- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Arthur > Wiebe > Sent: Friday, May 12, 2017 10:22 AM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: [pfSense] OpenVPN users no access to LAN - HA pfSense Setup > > Hey guys, last night I did my first HA installation of 2 XG-2758 > appliances. It worked great, my only issue is with OpenVPN Remote Access. > At first it wasn't working on the WAN VIP because I had OpenVPN listening > on the interfaces instead of on the VIP, so changed it to listen on the > VIP. > > Now I'm stuck where the local subnet route is added to the remote users > just fine, for example on a laptop I see a route of 192.168.0.0/24 over > the > VPN interface. > But nothing actually reaches the destination. > > On pfSense nothing shows up in the firewall logs to help. The OpenVPN > interface has a rule to allow all traffic, added by the OpenVPN wizard. > > I've searched the forums and can't find anything that works. > > For now because we needed something running for the morning, we are using > an OpenVPN Access Server virtual machine and it's working fine. > -- > Arthur Wiebe | +1 519-670-5255 <(519)%20670-5255> > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- Arthur Wiebe | +1 519-670-5255 _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold