Netgate Discussion Forum

    OpenVPN as a backup link

    OpenVPN
    • werter

      Hi all!
      I have pfSense with 3 interfaces: LAN, WAN (default) and OPT1, where WAN is the link to the internet and OPT1 is the corporate link (static address) to our 29 branches. All is well, but sometimes the OPT1 link goes down, and for this case
      I have set up OpenVPN on my pfSense. The OpenVPN service works well. When the OPT1 link is down, I manually add or uncomment the line route 10.x.x.x; in OpenVPN: Server: Advanced configuration: Advanced on my pfSense, where 10.x.x.x; is the client network address. But I don't want to do it manually, and I can't do it other than manually :( because when this line is not commented out in the configuration, this route to the client network becomes the main route even though the OPT1 link is working fine at that time. I need the route over the OpenVPN connection to be a secondary route (and of course I add a static route to the client network with the OPT1 gateway by default).

      I tried to add a metric to the route/interface, but (sic!) FreeBSD doesn't have the possibility of adding a metric.

      I just want the OpenVPN link (as a second gateway) and the default gateway (OPT1 in my case) to work simultaneously without problems.
      Please help. Thx.

      P.S. Sorry for my English.

      • fstephani

        Hello,

        Have you considered using QuaggaOSPF to achieve the failover?

        That would be a good solution if you:

        1. Run OSPF on your switches
        2. Do not need Layer 2 communication between your switches (i.e. running 802.1q between your switches)

        There probably is a way to do the layer 2 links but I ran out of time to figure it out.

        Fred

        • cmb

          OSPF is indeed the best solution for that. It can also be hacked in using gateway groups with proper monitor IPs that'll detect the connection status, but that gets ugly in comparison.

          • werter

            Thx for your help, guys!
            Can I use OSPF when the second end of the tunnel is a w2k-server acting as the OpenVPN client? Will that work? And where can I find good manuals for OSPF on Win?

            • fstephani

              On the end with the server you will have an easier time if you can put a pfSense box on that end between the server and the redundant connections. Remember pfSense will run very nicely on an old computer, so you may have a suitable box lying around or in the recycle pile.

              • cmb

                Windows won't do OSPF so that's not an option. You need a proper router to do failover, you'll really have to move the OpenVPN off the Windows server to do that properly.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.