[pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hello, in pfsense 2.0.2 it is now new and great, that the CARP master will handle the tunnels of openvpn, and the CARP backup will stop the openvpn _SERVER_
however:
- setup site2site
- outpost has also 2 pfsense boxes for HA
- both in OpenVPN CLIENT mode
- OpenVPN sync in Virtual IP / carp

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread Chris Buechler
On Fri, Jan 4, 2013 at 6:19 PM, WolfSec-Support supp...@wolfsec.ch wrote:
> hello, in pfsense 2.0.2 it is now new and great, that the CARP master will handle the tunnels of openvpn, and the CARP backup will stop the openvpn _SERVER_
> however:
> - setup site2site
> - outpost has also 2 pfsense

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
Hi Chris,
2013/1/5 Chris Buechler c...@pfsense.org
> It's done automatically in 2.0.2 and newer.
nope, only on CARP members with usage of openvpn server it will work. here in my v2.0.2 setup with 2 openvpn clients it won't work. also the carp backup tries permanently to open the tunnel via

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
@chris: in rc.carpmaster and rc.carpbackup is the same relevant code:
/* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN clients on a CARP cluster can be problematic. */
global $config;
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread Jim Pingle
On 1/4/2013 7:39 PM, WolfSec-Support wrote:
> --- openvpn_restart('client', $settings);
That code is smart enough to not start if it's in backup mode. The key is that the VPN must be bound to a CARP VIP. If you did not bind the VPN to a CARP VIP in its interface setting, then it will not

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hi jim,
2013/1/5 Jim Pingle li...@pingle.org
> On 1/4/2013 7:39 PM, WolfSec-Support wrote:
>> --- openvpn_restart('client', $settings);
> That code is smart enough to not start if it's in backup mode. The key is that the VPN must be bound to a CARP VIP.
ah, ok. - only the LAN of the outpost has

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread Chris Buechler
On Fri, Jan 4, 2013 at 7:21 PM, WolfSec-Support supp...@wolfsec.ch wrote:
> hi jim,
> 2013/1/5 Jim Pingle li...@pingle.org
>> On 1/4/2013 7:39 PM, WolfSec-Support wrote:
>>> --- openvpn_restart('client', $settings);
>> That code is smart enough to not start if it's in backup mode. The key is that the

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hi chris
2013/1/5 Chris Buechler c...@pfsense.org
> That's not a proper supported HA config, but it should work if you
for sure, I know. simply here is necessary http and VPN for users. so we need no CARP / VIP on WAN. also the ISP can not provide in this contract model fixed PA's bind