hello,
in pfsense 2.0.2 it is now new and great,
that the CARP master will handle the tunnels of openvpn,
and the CARP backup will stop the openvpn _SERVER_
however:
- setup site2site
- outpost has also 2 pfsense boxes for HA
- both in OpenVPN CLIENT mode
- OpenVPN sync in Virtual IP / carp
On Fri, Jan 4, 2013 at 6:19 PM, WolfSec-Support supp...@wolfsec.ch wrote:
hello,
in pfsense 2.0.2 it is now new and great,
that the CARP master will handle the tunnels of openvpn,
and the CARP backup will stop the openvpn _SERVER_
however:
- setup site2site
- outpost has also 2 pfsense
Hi Chris,
2013/1/5 Chris Buechler c...@pfsense.org
It's done automatically in 2.0.2 and newer.
nope, only on CARP members with usage of openvpn server it will work.
here in my v2.0.2 setup with 2 openvpn clients it won't work.
also the carp backup tries permanently to open the tunnel via
@chris:
in rc.carpmaster and rc.carpbackup is the same relevant code:
/* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN
clients on a CARP cluster can be problematic. */
global $config;
if (is_array($config['openvpn']) &&
    is_array($config['openvpn']['openvpn-client'])) {
On 1/4/2013 7:39 PM, WolfSec-Support wrote:
--- openvpn_restart('client', $settings);
That code is smart enough to not start if it's in backup mode.
The key is that the VPN must be bound to a CARP VIP.
If you did not bind the VPN to a CARP VIP in its interface setting, then
it will not
hi jim,
2013/1/5 Jim Pingle li...@pingle.org
On 1/4/2013 7:39 PM, WolfSec-Support wrote:
--- openvpn_restart('client', $settings);
That code is smart enough to not start if it's in backup mode.
The key is that the VPN must be bound to a CARP VIP.
ah, ok.
- only the LAN of the outpost has
On Fri, Jan 4, 2013 at 7:21 PM, WolfSec-Support supp...@wolfsec.ch wrote:
hi jim,
2013/1/5 Jim Pingle li...@pingle.org
On 1/4/2013 7:39 PM, WolfSec-Support wrote:
--- openvpn_restart('client', $settings);
That code is smart enough to not start if it's in backup mode.
The key is that the
hi chris
2013/1/5 Chris Buechler c...@pfsense.org
That's not a proper supported HA config, but it should work if you
for sure, I know.
simply here is necessary http and VPN for users.
so we need no CARP / VIP on WAN.
also the ISP can not provide in this contract model fixed PA's
bind