Be more intelligent when managing OpenVPN client connections bound to CARP VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop.

If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate.

1 files changed, 10 insertions, 0 deletions

diff --git a/etc/rc.carpmaster b/etc/rc.carpmaster
index 5b85e03..aaac868 100755
--- a/etc/rc.carpmaster
+++ b/etc/rc.carpmaster
@@ -32,10 +32,20 @@
 require_once("functions.inc");
 require_once("config.inc");
 require_once("notices.inc");
+require_once("openvpn.inc");
 
 $notificationmsg = "A carp cluster member has resumed the state 'MASTER'";
 
 notify_via_smtp($notificationmsg);
 notify_via_growl($notificationmsg);
 
+/* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */
+global $config;
+foreach ($config['openvpn']['openvpn-client'] as $settings) {
+	if ($settings['interface'] == $argv[1]) {
+		log_error("Starting OpenVPN instance on {$settings['interface']} because of transition to CARP master.");
+		openvpn_restart('client', $settings);
+	}
+}
+
 ?>
\ No newline at end of file