I run OpenVPN on the loopback and then rdr-to from the CARP interface to the loopback. PF gracefully handles the rest.
-Steve S.

> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Elliott Barrere
> Sent: Wednesday, November 17, 2010 7:14 PM
> To: misc@openbsd.org
> Subject: OpenVPN with CARP
>
> Hi all,
>
> I have a set of OpenBSD firewalls running CARP for failover and OpenVPN
> (in UDP mode) for remote access. The problem is that when I don't specify
> an address in the OpenVPN config file, return packets from the BSD boxes
> to remote clients are sent from the local interface address rather than
> the shared CARP address. It looks like packets generated from this box do
> the same.
>
> Is there a way to a) force the origination address for these packets to
> the CARP address (why wouldn't they do that anyway I wonder?) or b) NAT
> them in some way to make it work?
>
> Thanks for any help!
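The loopback-plus-rdr-to setup Steve describes, written out as an added example; this is not his configuration or anything posted in the thread. The interface names (em0, carp0, tun0), the OpenVPN port 1194 and the loopback address are assumed placeholders; the `rdr-to` syntax is the OpenBSD 4.7-and-later form that the reply itself uses.

```conf
# --- /etc/pf.conf fragment (added example; interface names and port are assumed) ---
ext_if   = "em0"        # physical interface the CARP address is carried on
carp_if  = "carp0"      # CARP interface shared by the firewall pair
vpn_port = "1194"       # OpenVPN UDP port (assumed)
vpn_lo   = "127.0.0.1"  # OpenVPN listens here, on the loopback only

set skip on lo0

# UDP arriving on the physical interface for the shared CARP address is
# redirected to the OpenVPN daemon bound on the loopback. PF keeps the
# translation in its state table, so the daemon's replies to the client
# go back out with the CARP address as source rather than the interface's
# own address, which is the behaviour the original question asks for.
pass in quick on $ext_if inet proto udp from any to ($carp_if) port $vpn_port \
    rdr-to $vpn_lo port $vpn_port

# --- /etc/openvpn/server.conf fragment (added example) ---
# Bind only to the loopback; the CARP address is reached via the rdr-to rule
# above, so the daemon never has to know which box is currently master.
local 127.0.0.1
port 1194
proto udp
dev tun0
```

`pfctl -nf /etc/pf.conf` checks the rule set before loading it, and `pfctl -ss` after a client connects should show a UDP state on em0 whose translated side is 127.0.0.1:1194.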