Netgate Discussion Forum

[SOLVED] OpenVPN as failover for dedicated MetroE WAN fails

  • sliebhard
    Oct 24, 2016, 4:37 PM (last edited Oct 24, 2016, 10:44 PM)

    I'm currently working with this in a lab environment only.  It's a very close approximation of our point to multipoint MetroE WAN.  I do have the ability to adjust the hardware topology if needed.

    1.  I have pfsense sitting behind Cisco routers on both sides.  pf has manual outbound NAT and allow any rules on the interfaces as I do not need to filter traffic at this level.  No static routes on pfsense.
    2.  OpenVPN server on one side and client on the other, VPN is up.
    3.  Gateway group on both sides has ME WAN as Tier 1 and OpenVPN as Tier 2.
    4.  Allow any rules have the gw groups set up.

    Pulling the WAN cable does not appear to cause a failover event.  I cannot ping over the VPN and cannot browse resources over the VPN.

    What am I missing?

    • sliebhard
      Oct 24, 2016, 10:44 PM

      Disabling negate rules on both sides of the VPN in System > Advanced > Firewall & NAT fixed the issue, as policy routing was not being applied properly.

      Thanks to PiBa-NL in ##pfsense on freenode!
