From 25b61f66a40e5d277334321d5b32a0dca01e2ff1 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Sat, 26 Aug 2023 10:50:19 +0200 Subject: [PATCH] VPN: OpenVPN - explain interaction with CARP, including the new option introduced in https://github.com/opnsense/core/commit/f56c6e2a0b9ed62335aaae788a1700d5f9a26903 --- source/manual/vpnet.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/source/manual/vpnet.rst b/source/manual/vpnet.rst index 4d96e659..fb58bd38 100644 --- a/source/manual/vpnet.rst +++ b/source/manual/vpnet.rst @@ -445,6 +445,25 @@ OPNsense are :doc:`grouped ` as `OpenVPN`. devices and use them in a similar fashion as physical interfaces. +................................. +High availability [CARP] +................................. + +When operating an OpenVPN server, there's not much needed to allow an active/passive setup for your environment other then +using a virtual (CARP) address. As the server will stop receiving traffic when the virtual address doesn't it, +the backup will eventually become out of service automatically. + +In client mode, the OpenVPN instance needs to stop trying to reconnect when it's not in :code:`MASTER` mode, the legacy +client module shutsdown all instances directly attached to the interface. Our new instances module allows to select +the :code:`vhid` to track. In most cases an explicit bind isn't needed for a client, the default for a client is to +use the :code:`nobind` option. + +.. Note:: + It's not possible to move between machines fully seamless as the client will have to reconnect in order to reach a + valid state again. + + + ................................. Examples .................................
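Review bot: The second sentence of the added server paragraph is missing a word ("when the virtual address doesn't it"), so the reader cannot tell which condition stops the server from receiving traffic. State what the virtual address fails to do on that node (presumably that the node no longer holds it), and make "the backup will eventually become out of service automatically" say which node goes idle and on what event. In the same paragraph "other then" should be "other than". In the client paragraph "shutsdown" should be "shuts down", and the comma after :code:`MASTER` mode joins two independent sentences and should be a full stop. The sentence "Our new instances module allows to select the :code:`vhid` to track" neither names the setting as it appears in the GUI nor says what the instance does while the tracked vhid is not :code:`MASTER`. Since the commit subject says this text explains the new option, both should be spelled out. In the note, "fully seamless" should read "seamlessly".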