Bug #6993
open
OpenVPN status error during CARP state transition
Added by James Webb almost 8 years ago.
Updated almost 3 years ago.
Description
Running two devices in HA and have stacked one IP Alias onto the CARP IP. If I bind an OpenVPN server to the IP Alias (on both machines) then during a switch of a CARP state, one of the devices will throw the error on the status page "error contacting daemon". This doesn't affect functionality as the OpenVPN service is still running underneath. It just tries to start another OpenVPN instance over an existing one -> address already bound by currently running instance.
So can it be fixed that a new OpenVPN instance is not trying to start without the other one being shut down first :)
James Webb wrote:
Running two devices in HA and have stacked one IP Alias onto the CARP IP. If I bind an OpenVPN server to the IP Alias (on both machines) then during a switch of a CARP state, one of the devices will throw the error on the status page "error contacting daemon". This doesn't affect functionality as the OpenVPN service is still running underneath. It just tries to start another OpenVPN instance over an existing one -> address already bound by currently running instance.
So can it be fixed that a new OpenVPN instance is not trying to start without the other one being shut down first :)
Same error. Two appliances running pfSense 2.3.3_p1.
If this is still relevant, you can likely work around this by setting the VIP that you're using for OpenVPN to also be a CARP VIP instead of attaching an IP Alias to the CARP VIP. This is generally not recommended, but as a workaround here would likely solve this issue.
More testing needed to verify this is even a problem anymore, though.