Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client Failover

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      freebee
      last edited by

      Hi,
      I configure the pfsense to be a client from another openvpn server.
      In OpenVPN, client, selected tap and interfaces -> any.
      Configured bridge LAN <-> OpenVPN assigned interface. OK.
      How i can make the OpenVPN client connect trough Failover ?. In Rules panel, in openvpn tab, already try change de default gateway to Failover with no success. When disconnect the WAN cable, the openvpn detect and try connect again.
      log:
      Jan 26 01:39:22 openvpn[30219]: SIGUSR1[soft,ping-restart] received, process restarting
      Jan 26 01:39:24 openvpn[30219]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Jan 26 01:39:24 openvpn[30219]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      Jan 26 01:39:24 openvpn[30219]: Re-using SSL/TLS context
      Jan 26 01:39:24 openvpn[30219]: UDPv4 link local: [undef]
      Jan 26 01:39:24 openvpn[30219]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
      Jan 26 01:39:24 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
      Jan 26 01:39:26 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
      Jan 26 01:39:30 openvpn[30219]: write UDPv4: Network is unreachable (code=51)
      Jan 26 01:39:38 openvpn[30219]: write UDPv4: Network is unreachable (code=51)

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        You have to manually change the client over to the other WAN. Having one client up on each WAN all the time and a dynamic routing protocol is the proper way to accomplish automatic OpenVPN failover between WANs.

        1 Reply Last reply Reply Quote 0
        • F
          freebee
          last edited by

          If i change the openvpn client to Tun, its possible to use Failover ?.

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            like cmb said:

            Having one client up on each WAN all the time and a dynamic routing protocol is the proper way to accomplish automatic OpenVPN failover between WANs.

            search this forum for OSPF(=dynamic routing protocol) & openvpn.

            so create 2 vpn client connections and let ospf handle routing

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              @freebee:

              If i change the openvpn client to Tun, its possible to use Failover ?.

              no. what I mentioned is the only possible way, either manually change it, or use two connections and a routing protocol.

              1 Reply Last reply Reply Quote 0
              • F
                freebee
                last edited by

                Thanks for your help.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.