Hello, I've got the following situation:

- 2 OpenBSD boxes as firewalls with CARP enabled on all physical interfaces
- OpenVPN server running on both firewalls
- VPN clients are connecting to the CARP (fail-over) IP address, which is normally on the master box (Firewall1)

OpenVPN clients have to be able to reach Firewall1 and Firewall2 over SSH through the VPN tunnel:

- so I implemented OSPF on my crosslink (10.11.0.0/30 net with a crossover cable between the two firewalls)
- and I advertise my VPN network (10.11.0.192/26) with OSPF to my OSPF neighbour (Firewall2)

My OpenVPN server is pushing the net 10.11.0.0/30 to my VPN clients, and they can now reach 10.11.0.1 and 10.11.0.2 (the 2 firewalls) over SSH. That's working very well!

And now my problem:

- OpenVPN adds the route 10.11.0.192/26 GW 10.11.0.194 to my routing table
- ospfd wants to add the route 10.11.0.192/26 GW 10.11.0.1 to my routing table, too

If the OSPF route exists when the OpenVPN daemon is started, then OpenVPN prints

>> add net 10.11.0.192: gateway 10.11.0.194: File exists

(because the OSPF route with the same network exists). That's no problem while the master firewall is running. But as soon as the master firewall is down, the CARP IP goes over to Firewall2 and the VPN connections come in on Firewall2; then the connections are established, but no destination is reachable from my VPN clients, because the route for the OpenVPN net is pointing to the dead master firewall (Firewall1).

After the OSPF dead timer reaches zero, the (dead) route is deleted, but OpenVPN doesn't add the local (now valid) route 10.11.0.192/26 GW 10.11.0.194 again...

Any solutions?

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
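As an added illustration of the failure mode described in the post (this is not the poster's code, nor part of OpenVPN or OpenBSD), the following POSIX shell script shows the check a hook or cron job on the standby firewall could run once the OSPF-learned route has been withdrawn: read the kernel routing table, see whether the VPN prefix still has any route, and only then re-install OpenVPN's own route via the local tun gateway. The prefix and gateways are the ones from the post; the two routing tables are constructed samples in the rough shape of OpenBSD `netstat -rn -f inet` output (only the Destination and Gateway columns are used), and `ROUTE_CMD` defaults to `echo route` so the script prints what it would do instead of touching a real table.

```shell
#!/bin/sh
# Added example, not from the original post. Decides whether the local
# OpenVPN route for the VPN subnet must be re-added after the OSPF route
# for the same prefix (pointing at the other firewall) has disappeared.

VPN_NET="10.11.0.192/26"          # VPN client subnet from the post
LOCAL_GW="10.11.0.194"            # local tun endpoint OpenVPN routes via
ROUTE_CMD="${ROUTE_CMD:-echo route}"   # set ROUTE_CMD=route on the firewall

# route_state: reads a routing table (netstat -rn style) on stdin and prints
#   missing - no route for VPN_NET at all (OpenVPN's route must be re-added)
#   local   - route present via the local tun gateway (nothing to do)
#   remote  - route present via another gateway (the OSPF route is in place)
route_state() {
    gw=$(awk -v net="$VPN_NET" '$1 == net { print $2; exit }')
    if [ -z "$gw" ]; then
        echo missing
    elif [ "$gw" = "$LOCAL_GW" ]; then
        echo local
    else
        echo remote
    fi
}

# ensure_vpn_route: takes a routing table as its first argument and issues
# the route add only when the prefix has no route at all, so it never
# fights ospfd while the OSPF route is still valid.
ensure_vpn_route() {
    state=$(printf '%s\n' "$1" | route_state)
    case "$state" in
        missing) $ROUTE_CMD add -inet "$VPN_NET" "$LOCAL_GW" ;;
        local)   echo "ok: $VPN_NET already via $LOCAL_GW" ;;
        remote)  echo "skip: $VPN_NET currently via OSPF peer" ;;
    esac
}

# Constructed sample tables (not real output from the poster's firewalls).
# Before failover: ospfd's route via the master firewall (10.11.0.1) wins.
TABLE_BEFORE="Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.0.2.1          UGS        0        0     -     8 em0
10.11.0.0/30       10.11.0.2          UC         0        0     -     4 em2
10.11.0.192/26     10.11.0.1          UG         0        0     -    32 em2"

# After the OSPF dead timer expires: the route is gone and nobody re-adds it.
TABLE_AFTER="Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.0.2.1          UGS        0        0     -     8 em0
10.11.0.0/30       10.11.0.2          UC         0        0     -     4 em2"

ensure_vpn_route "$TABLE_BEFORE"   # skip: 10.11.0.192/26 currently via OSPF peer
ensure_vpn_route "$TABLE_AFTER"    # route add -inet 10.11.0.192/26 10.11.0.194
```

On a real firewall the table would come from `netstat -rn -f inet` rather than a variable, and the check has to be triggered after the OSPF route is withdrawn (a periodic cron job, or whatever hook the failover mechanism offers), since OpenVPN's own `--route-up` hook only runs when the tunnel comes up and is of no help by the time the master has died.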