OpenVPN dual WAN failover with CARP pfsense firewalls

Hello, I would like to ask a question regarding the OpenVPN dual WAN failover with CARP pfsense firewalls (ver. 2.5) (cluster of 2 pfsense firewalls) as client in a site-to-site connection.
We have a pfsense cluster (x2) and we have set up an OpenVPN site-to-site with another remote pfsense firewall server (not clustered). We have created a gateway group in the client-cluster OpenVPN client with 2 WAN interfaces (Tier 1 and Tier 2). When we simulated the drop of the Tier 1 gateway WAN interface on the Master pfsense (“Mark as down”), the Backup pfsense of the cluster brought up the OpenVPN service when it saw the PID of the OpenVPN service on the Master pfsense as down. It creates the site-to-site VPN, and in its routing of the return traffic from the server it “sees” the routing interfaces on the Master as up and the routing stops. I saw something similar in “OpenVPN on Failover GW and master/slave config fails” on the Netgate Forum, but I do not know how much this applies to us. Is there a solution to this scenario? Do we need to check the versions of our pfsense cluster firewalls? Thank you.

Most of our site-to-sites are with IPsec or WireGuard, so I am not sure; I would post in the pfsense forums.

Thanks, Tom. Will do.