Vault standby node with Consul backend: how to change active_cluster_addr and active_redirect_addr?

There is a little Consul cluster migrated to new network.
Consider old net =, new net =

There are three Vault nodes configured as cluster using Consul backend:

disable_mlock = true
cluster_name = "test1"
max_lease_ttl = "8760h"
default_lease_ttl = "8760h"

listener "tcp" {
  address = ""
  tls_cert_file = "/etc/vault/tls/vault.crt"
    tls_key_file  = "/etc/vault/tls/vault.key"
    tls_min_version  = "tls12"
    tls_cipher_suites = "..."
    tls_prefer_server_cipher_suites = "false"
    tls_disable = "false"

backend "consul" {
  address = ""
  datacenter = "test1"
  path = "vault"
  service = "vault"
  cluster_addr = ""
  redirect_addr = ""
  disable_clustering = "False"
  scheme = "http"
ui = true


Vault standby nodes (running on and are trying to access active node (actually running in using old IP (

Server status:

# vault status -address -tls-skip-verify
Key                    Value
---                    -----
Seal Type              shamir
Initialized            true
Sealed                 false
Total Shares           5
Threshold              3
Version                0.11.2
Cluster Name           test1
Cluster ID             d0cc1d1e-e0fd-601d-7ebc-7b90a00482ae
HA Enabled             true
HA Cluster   
HA Mode                standby
Active Node Address

Server output:

==> Vault server configuration:
             Api Address:
                     Cgo: disabled
         Cluster Address:
              Listener 1: tcp (addr: "", cluster address: "", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
               Log Level: debug
                   Mlock: supported: true, enabled: false
                 Storage: consul (HA available)
                 Version: Vault v0.11.2
             Version Sha: 2b1a4304374712953ff606c6a925bbe90a4e85dd
==> Vault server started! Log data will stream in below:
[DEBUG] storage.consul: config path set: path=vault
[WARN ] storage.consul: appending trailing forward slash to path
[DEBUG] storage.consul: config disable_registration set: disable_registration=false
[DEBUG] storage.consul: config service set: service=vault
[DEBUG] storage.consul: config service_tags set: service_tags=
[DEBUG] storage.consul: config service_address set: service_address=
[DEBUG] storage.consul: config address set: address=
[DEBUG] storage.consul: config scheme set: scheme=http
[DEBUG] storage.cache: creating LRU cache: size=0
[DEBUG] cluster listener addresses synthesized: cluster_addresses=[]
[DEBUG] core: cannot unseal, not enough keys: keys=1 threshold=3 nonce=9284c56c-1585-10d6-5118-47962adea603
[DEBUG] core: cannot unseal, not enough keys: keys=2 threshold=3 nonce=9284c56c-1585-10d6-5118-47962adea603
[INFO ] core: vault is unsealed
[INFO ] core: entering standby mode
[DEBUG] core: parsing information for new active node:
[DEBUG] core: refreshing forwarding connection
[DEBUG] core: clearing forwarding clients
[DEBUG] core: done clearing forwarding clients
[DEBUG] core: done refreshing forwarding connection


How to forget old active_cluster_addr and active_redirect_addr, and rejoin to active node using new ipaddr?

Hey did you ever found the solution to that by any chance ?