Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (SOLVE)OVPN Load Balance Review

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • perikoP
      periko
      last edited by periko

      Hi guys.

      With a pfsense with 2 wans and a pfsense client with 2 wans, is possible to setup a load-balance between both system if I follow my diagram?

      0_1539219008914_ovpn-load-balance.png

      Any comment or suggestion will be appreciated, thanks.

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Quieres aprender PfSense, visita mi canal de youtube:
      https://www.youtube.com/c/PedroMorenoBOS

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If you have the OpenVPN interfaces assigned so they have gateways, then yes, you just setup a gateway group using the VPN gateways on the same tier. It is still only connection-based load balancing, though, so don't expect to get the full bandwidth of both WANs for a single transfer/stream.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • perikoP
          periko
          last edited by

          Hi Jimp.

          1 of mi doubts is related to route, because I have 2 ovpn servers on the same box and each on different wan, the same in the client side.

          How do I manage my routes on each side?

          IPv4 Remote Network(s)

          Can I add the route on each ovpn created or how do each box know who to route the traffic?

          Thanks for your help Jimp.

          Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
          www.bajaopensolutions.com
          https://www.facebook.com/BajaOpenSolutions
          Quieres aprender PfSense, visita mi canal de youtube:
          https://www.youtube.com/c/PedroMorenoBOS

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            You don't use routes, you policy route everything. With the interfaces assigned and rules only on the assigned interface tabs to pass, you can policy route from LAN to LAN and reply-to will handle the return traffic.

            You could use FRR and setup BGP or OSPF between the sites as well but that's not usually necessary.

            I'd keep routes on one of the VPNs so the firewalls can talk to each other over the VPN, but then use policy routing and reply-to to get the rest.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • perikoP
              periko
              last edited by

              I had tested but looks like both system doesn't know who to route the traffic.

              I run tcpdump on clients behind both networks and they receive the packets, the reply is receive by the LAN interface and there stop.

              Looks like the GW-Group Tier created is not working.

              Once the LAN interface receive, I had the policy to use the GW create with both

              Load Balance GW with the ovpn interfaces is working, because I can see traffic in both links.

              0_1539313663511_VPN-SRV.png

              0_1539313670622_VPN-SRV-2.png

              Comunication between tunels 10.0.0.x works.
              But networks behind pfsense's won't.

              Policy Routing is not working.

              What is missing...

              Thanks for your time.

              Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
              www.bajaopensolutions.com
              https://www.facebook.com/BajaOpenSolutions
              Quieres aprender PfSense, visita mi canal de youtube:
              https://www.youtube.com/c/PedroMorenoBOS

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Make sure the OpenVPN firewall rule tab does not have any rules on it. Only on the assigned interface tabs.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • perikoP
                  periko
                  last edited by

                  Please confirm if I understand your point.

                  0_1539365694403_ovpn-rules.png

                  Thanks Jimp.

                  Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                  www.bajaopensolutions.com
                  https://www.facebook.com/BajaOpenSolutions
                  Quieres aprender PfSense, visita mi canal de youtube:
                  https://www.youtube.com/c/PedroMorenoBOS

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Yes, that should be right

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 1
                    • perikoP
                      periko
                      last edited by

                      Jimp my hi5 to u, that was the trick.
                      Now I will create a Load-Balance, FailOver1, FailOver2 for my connections.
                      Thanks Jimp.

                      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                      www.bajaopensolutions.com
                      https://www.facebook.com/BajaOpenSolutions
                      Quieres aprender PfSense, visita mi canal de youtube:
                      https://www.youtube.com/c/PedroMorenoBOS

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.