OpenVPN Client Failover
-
Hi,
I configured pfSense to be a client of another OpenVPN server.
In the OpenVPN client, I selected tap and interface -> any.
Configured bridge LAN <-> OpenVPN assigned interface. OK.
How can I make the OpenVPN client connect through Failover? In the Rules panel, on the OpenVPN tab, I already tried changing the default gateway to Failover, with no success. When I disconnect the WAN cable, OpenVPN detects it and tries to connect again.
log:
Jan 26 01:39:22 openvpn[30219]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 26 01:39:24 openvpn[30219]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 26 01:39:24 openvpn[30219]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 26 01:39:24 openvpn[30219]: Re-using SSL/TLS context
Jan 26 01:39:24 openvpn[30219]: UDPv4 link local: [undef]
Jan 26 01:39:24 openvpn[30219]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Jan 26 01:39:24 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
Jan 26 01:39:26 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
Jan 26 01:39:30 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
Jan 26 01:39:38 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
-
You have to manually change the client over to the other WAN. Having one client up on each WAN all the time and a dynamic routing protocol is the proper way to accomplish automatic OpenVPN failover between WANs.
-
If I change the OpenVPN client to tun, is it possible to use Failover?
-
Like cmb said:
Having one client up on each WAN all the time and a dynamic routing protocol is the proper way to accomplish automatic OpenVPN failover between WANs.
Search this forum for OSPF (= dynamic routing protocol) & OpenVPN.
So create 2 VPN client connections and let OSPF handle routing.
-
If I change the OpenVPN client to tun, is it possible to use Failover?
No. What I mentioned is the only possible way: either manually change it, or use two connections and a routing protocol.
-
Thanks for your help.