Muti WAN to Multi WAN S2S VPN failover

dlogan

Main site and satellite office both have 2 WAN connections.

At the main site, my OpenVPN servers listen on localhost, with UDP ports forwarded on each WAN connection.

At the satellite office, there are OpenVPN clients on each WAN. WAN1's OpenVPN client primary VPN endpoint is Main site's WAN1, with WAN2 as secondary.
WAN2's OpenVPN client primary VPN endpoint is Main site's WAN2, with WAN1 as secondary.

This works well for failover. But we do policy routing, preferring certain S2S VPN for certain traffic.

The problem I have is that the WAN2 -> WAN2 vpn sometimes drops for a minute, causing the WAN2 VPN at the satellite office to failover to using the Main site's WAN1 as it's VPN endpoint.

So now, both client VPNs at the sattelite office are connected to the Main site's WAN1. This is fine, except that the reverse never happens. It never checks to see if it's primary is available and switches back to it's primary endpoint.

Is there a way to configure this? I resolve this manually simply by restarting the OpenVPN client on satellite's WAN2 interface. Upon restarting, it connects back to it's primary. It may be sufficient to simply restart this VPN connection every night, but I don't know how to accomplish that either.

viragomann

@dlogan
No, this cannot be done in OpenVPN.

I think, you could achieve this with two failover groups with inverted gateway priorities. But this requires two different OpenVPN servers on the main site.