OpenVPN with WAN Failover
-
Hi all,
My problem: When my main WAN comes back online, the OpenVpn connection doesn't switch back. !!!
My setup:
1. I have a local pfSense NetGate SG-5860 running latest pfSense. Lets call it "LPS"
2. I have a cloud appliance running pfSense with Static IP. Let's call it "CPS"
3. LPS has DUAL WAN setup. WAN0 is my main ISP with dynamic IP. WAN1 is my LTE network with netgear LTE modem.
4. I simulate WAN0 failure by pulling ethernet cable, and it switches beautifully to WAN1.
5. My OpenVPN also neatly jumps over.
6. I connect my WAN0 cable back, and the GW switches also beautifully back, and I can see my traffic now going out on WAN0.
7. My LPS doesn't switch its OpenVPN client from WAN1 to WAN0, unless I force restart the service or simulate WAN1 failure.WHY this setup:
1. MY ISP gives me Dynamic IP
2. LTE does double NATting.
3. Tunnel solves the problem to reach my network back.I would really like to have my OpenVPN session switch back when the Gateway Switches back as well.
Any help?
-
Is LPS the OpenVPN server or client?
How exactly did you setup failover for OpenVPN?
Did you select a gateway group for the OpenVPN interface?
Do you have default gateway switching enabled or disabled?
-
Is LPS the OpenVPN server or client?
How exactly did you setup failover for OpenVPN?
Did you select a gateway group for the OpenVPN interface?
Do you have default gateway switching enabled or disabled?
1. LPS => local and is running the OVPN Client
2. Failover setup ==> Two Gateways, and they are in a group.
3. Yes, OVPN is setup for GW Group
4. Yes, default gateway switching is enabled, as without that, normal switching automatically doesn't happen either. -
BUMP…
Any help please?
-
When I try it here, it always switches back, though I don't use default gateway switching on the system where I tried it last.
You could explore an alternate failover option, such as using a routing protocol like OSPF, but that would also result in a steady (but small) stream of traffic on the LTE interface.
-
When I try it here, it always switches back, though I don't use default gateway switching on the system where I tried it last.
You could explore an alternate failover option, such as using a routing protocol like OSPF, but that would also result in a steady (but small) stream of traffic on the LTE interface.
1. So how do you have your default gateway switching happening? I thought that was a required option for gateway failover and firewall to make sure that all traffic passes over?
2. Would you have some guidance on how to put OSPF in this fashion on pfSense?Also, I've notice similar behavior in my Dynamic DNS service. It doesn't switch very nicely until I force restart it.
-
Hi there!
I have the same configuration and the same problem - OpenVPN client on GW group (2 WAN pfsense 2.3.4: WAN - the main ISP and OPT1 - LTE). The failover works fine, but the fail back doesn't happen.
Any ideas?
-
I would love to get some ideas :) .. Anyone?
-
Hi!
I have default gateway switching enabled but seems it doesn't work. In failover mode I don't see default route in the routing table.
Squid also doesn't work with dual WAN (it use the default gateway). I had it working until recently, but for some time this configuration does not work too.
Maybe these two problems have the same reason. I'm not sure.Best!
