Hi all, I have a set of OpenBSD firewalls running CARP for failover and OpenVPN (in UDP mode) for remote access. The problem is that when I don't specify an address in the OpenVPN config file, return packets from the BSD boxes to remote clients are sent from the local interface address rather than the shared CARP address. It looks like packets generated from this box do the same.
Is there a way to a) force the origination address for these packets to the CARP address (why wouldn't they do that anyway, I wonder?) or b) NAT them in some way to make it work? Thanks for any help!