WAN Failover OpenVPN Issues on WAN1 Recovery

  • Good morning everyone …  I've been beating my head on this one, and figured it's time to reach out to the community.

    I have a Dual WAN pfSense configuration, using gateway group.  Right now, just about everything works ...  When my WAN1 fails, all traffic routes over WAN2 without problem.

    The issues arise when WAN1 recovers.  When WAN1 recovers, persistent connections kind of stick on WAN2.  For instance, if I start a ping when in a failed state, the pings route over WAN2.  When WAN1 recovers you can see the pings stay stuck on the WAN2 connection (I can tell because WAN1 has about 8ms latency, WAN2 has about 40ms latency since it is 4G-LTE).  If I stop the ping, and wait about 10-20 seconds, and then start the ping again, you can see the state clears, and the pings now route out WAN1.

    For most everything that I do, this is fine ...  I just kind of assume after WAN1 recovers, in due time, all traffic will route back over WAN2.

    The problem arises for my OpenVPN connections.  These are persistent connections that are always on.  So when a failover occurs, they establish over WAN2.  When WAN1 recovers, the only way I am able to get them back over to WAN1 is to either "force" a failure on WAN2, or I go in to the OpenVPN configuration for the VPN connection, and set it from the Gateway group interface, directly to WAN1, forcing it to move to WAN1, and then changing it back to use the gateway group.

    Has anyone come across this type of issue?  It would seem that what is needed is when WAN1 recovers, you almost need to force a state table clearing to force connections back over WAN1.  Obviously, this isn't the most graceful way to do things.  Maybe you can just force a state clearing for specific endpoints, like the OpenVPN endpoints, so that it forces a failback?

    Anyone have any thoughts on this?
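One way to act on the idea above of clearing states only for specific endpoints, as an added example that is not from this thread or from the pfSense project: a small POSIX sh helper that reads state lines in the shape of `pfctl -ss` output, keeps only those on the backup WAN interface that involve a listed OpenVPN peer, and prints (rather than runs) the `pfctl -k` commands that would kill them so the tunnels re-establish over the recovered WAN1. The interface name `em1`, the peer addresses and the sample state lines are all constructed for the example; the `pfctl -i <iface> -k <src> -k <dst>` form is an assumption to be checked against `pfctl(8)` on your pfSense version before anything is run for real, e.g. from a gateway-recovery hook.

```shell
#!/bin/sh
# Added example, not the poster's configuration or pfSense code.
# Assumptions: the backup WAN (WAN2) is pf interface "em1" (constructed);
# input lines look like `pfctl -ss` output, i.e.
#   <iface> <proto> <src>:<port> -> <dst>:<port>   <state>
#   <iface> <proto> <local>:<port> <- <remote>:<port>   <state>
#   (an optional "(orig:port)" NAT column may follow the first address).
# Commands are only printed; nothing here touches the firewall.

# stale_backup_states <backup_iface> "<peer ip> <peer ip> ..."
# Reads state lines on stdin and prints one pfctl kill command per state that
# sits on the backup interface and has a listed peer at either end.
stale_backup_states() {
    backup_if="$1"
    peers="$2"
    awk -v ifc="$backup_if" -v peers="$peers" '
    BEGIN { n = split(peers, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == ifc {
        arrow = 0
        for (i = 1; i <= NF; i++) if ($i == "->" || $i == "<-") arrow = i
        if (!arrow) next
        # "->" is an outbound state: left side originated it.
        # "<-" is an inbound state: the remote (right side) originated it.
        if ($arrow == "->") { from = $3; to = $(arrow + 1) }
        else                { from = $(arrow + 1); to = $3 }
        sub(/:[0-9]+$/, "", from); sub(/:[0-9]+$/, "", to)   # strip ports
        if ((from in want) || (to in want))
            printf "pfctl -i %s -k %s -k %s\n", ifc, from, to
    }'
}

# Constructed sample in the shape of `pfctl -ss` output (not captured from a
# real box): one state already on WAN1 (em0), two OpenVPN states stuck on
# WAN2 (em1), and an unrelated ICMP state on WAN2 that must be left alone.
SAMPLE_STATES='em0 udp 203.0.113.10:1194 -> 198.51.100.9:1194       MULTIPLE:MULTIPLE
em1 udp 192.0.2.7:1194 -> 198.51.100.9:1194       MULTIPLE:MULTIPLE
em1 icmp 192.0.2.7:1234 -> 192.0.2.200:1234       0:0
em1 udp 192.0.2.7:1194 <- 198.51.100.20:44000       MULTIPLE:MULTIPLE'

# Constructed OpenVPN peer addresses for the example.
OPENVPN_PEERS="198.51.100.9 198.51.100.20"

# Usage: dry-run listing of the kill commands for the stuck tunnel states.
printf '%s\n' "$SAMPLE_STATES" | stale_backup_states em1 "$OPENVPN_PEERS"
```

Restricting the kill to the backup interface plus the tunnel peers is what keeps this narrower than a full state flush: ordinary flows on WAN2 age out on their own, while the always-on OpenVPN states are the only ones nudged back.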

  • Same problem here (OpenVPN not switching back from backup to main connection) - so perhaps I can push up the topic?