Bind OpenVPN to a specific upstream gateway (Multi-WAN)
-
I've got two WAN connections provided by two separate routers, in front of the pfSense box.
Everything is working as desired, load balancing is working and I can point certain LAN segments to the different WAN gateways.
I'd like to be able to build two VPN's, one over each router so I can also load balance my OpenVPN traffic over the gateways.
Using the "Interface" option on the OpenVPN client configuration doesn't appear to work, both OpenVPN tunnels seem to ignore this setting when deciding where to route the OpenVPN connections.
I've also tried creating static routes for the two OpenVPN endpoint's on the Internet, one static pointing to the first WAN gateway, the second to the second WAN gateway but this also doesn't appear to work.
Anybody else know how to bind a specific OpenVPN client connection to a specific WAN gateway???
-
You need to use policy based routing for that, but first, you need to create new interfaces and bind your tunnels to those interfaces:
Interfaces -> (assign)
Once that is done, it will create new gateways which can then be used in your LAN firewall rules.
For example, if you want a client with an IP of 10.0.0.1 to be routed over a certain interface, you'd create a new LAN rule above your any/any, change the source to 10.0.01:
then in the "Extra Options" section, click the "Display Advanced" button, scroll down to the bottom and change the Gateway:
Now all internet traffic sourced from 10.0.0.1 will be routed over the tunnel assigned to that particular gateway.
*** The one gotcha that I've read is that you need to bounce the tunnels after the interfaces are assigned or traffic will not be routed properly. So, Status -> Services and restart the service for each tunnel you assigned to your interfaces***
