Netgate Discussion Forum

    Multi WAN to Multi WAN S2S VPN failover

      dlogan

      Main site and satellite office both have 2 WAN connections.

      At the main site, my OpenVPN servers listen on localhost, with UDP ports forwarded on each WAN connection.

      At the satellite office, there are OpenVPN clients on each WAN. WAN1's OpenVPN client primary VPN endpoint is Main site's WAN1, with WAN2 as secondary.
      WAN2's OpenVPN client primary VPN endpoint is Main site's WAN2, with WAN1 as secondary.

      This works well for failover. But we do policy routing, preferring certain S2S VPN for certain traffic.

      The problem I have is that the WAN2 -> WAN2 VPN sometimes drops for a minute, causing the WAN2 VPN at the satellite office to fail over to using the Main site's WAN1 as its VPN endpoint.

      So now, both client VPNs at the satellite office are connected to the Main site's WAN1. This is fine, except that the reverse never happens. It never checks to see if its primary is available and switches back to its primary endpoint.

      Is there a way to configure this? I resolve this manually simply by restarting the OpenVPN client on satellite's WAN2 interface. Upon restarting, it connects back to its primary. It may be sufficient to simply restart this VPN connection every night, but I don't know how to accomplish that either.

        viragomann @dlogan

        @dlogan
        No, this cannot be done in OpenVPN.

        I think you could achieve this with two failover groups with inverted gateway priorities. But this requires two different OpenVPN servers on the main site.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.