Multi-WAN failover - How to stay on 2\. connection after first one is back again?

  • Hello,

    I have two WAN connections (WAN & OPT interfaces) and have created two gateway groups. Each on using another WAN connection as its first tier. Firewall rules are configured and failover is working fine.

    But it often happens that one connection has stability problems which results in multiple disconnects (online->offline (a few minutes)->online(a few minutes)->offline …) until the connection is working correctly again. In this case the gateway groups keeps switching the connections as the tier one connection is back online for a few seconds or minutes
    and the vpn connection has to be reestablished each time.

    How can I configure the gateway Group1 to stay on the failover (2. Tier) even after the first one comes back online ?
    I would like the group to switch back only if the second tier fails. Is it even possible with pfsense ?

    Current gateway group configuration:
    Group1 (Wan 1.Tier, Opt 2.Tier) is used for dynamic dns service and openvpn connection.
    Group2 (Opt 1.Tier, Wan 2.Tier) is used for web traffic.

    Thank you.

  • It sounds like you have major problems with your Internet connections and might be better suited to resolving that rather then increasing a potential time out which I do not even know if it is possible.  Why do your connections continue to bounce back-and-forth so often?

  • Solving the connection problems would be the best solution, but this isn't possible at the moment as there are no alternatives for a more stable connection here.

    The side with the connection problems is the openvpn server side.
    I have now changed my openvpn configuration according to the "Multi-WAN OpenVPN" documentation.
    I should have found this document earlier.
    This setup allows the pfsense openvpn client boxes to connect to whatever connection is currently available and would not result in connection drop if the other connection comes back online again. This seems to work.

Log in to reply