# Problem with OpenVPN and CARP through UDP



## eayesta (Mar 28, 2011)

Hello, I have two machines configured with CARP for redundancy, so I would like to add my OpenVPN service to it. I'm getting some problem when I try to use with the CARP interface using UDP protocol (with local sis0 interface it justs work fine, and if I use TCP it does so). In my logs I can see how the client starts the TLS negotiation, but then I get a timeout.


```
Mon Mar 28 13:04:13 2011 x.x.x.x:55005 TLS: Initial packet from x.x.x.x:55005, sid=41756224 4c891142
Mon Mar 28 13:04:20 2011 x.x.x.x:55002 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar 28 13:04:20 2011 x.x.x.x:55002 TLS Error: TLS handshake failed
Mon Mar 28 13:04:20 2011 x.x.x.x:55002 SIGUSR1[soft,tls-error] received, client-instance restarting
```

Is it not possible to use an OpenVPN with CARP through UDP? If so, any clue about what am I doing wrong?


My OpenVPN server conf is this:


```
port 1194
proto udp
dev tap0
ca /usr/local/etc/openvpn/ca.crt
cert /usr/local/etc/openvpn/openvpn.crt
key /usr/local/etc/openvpn/openvpn.key
dh /usr/local/etc/openvpn/dh2048.pem
ifconfig-pool-persist /var/log/openvpn/ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append   /var/log/openvpn/openvpn.log
verb 3
server-bridge 10.200.62.10 255.255.255.0 10.200.62.91 10.200.62.99
up /usr/local/etc/openvpn/up.sh
down /usr/local/etc/openvpn/down.sh
```

Thanks a lot!


----------



## jmrueda (Dec 22, 2011)

You have to tell OpenVPN to bind to the CARP address. Otherwise, it receives on the CARP address, but replies on one of the other addresses.

Just add this to your openvpn config:


```
local my_carp_ip_address
```


----------

