Netgate Discussion Forum

    [SOLVED] OpenVPN as failover for dedicated MetroE WAN fails

    OpenVPN
      sliebhard

      I'm currently working with this in a lab environment only.  It's a very close approximation of our point to multipoint MetroE WAN.  I do have the ability to adjust the hardware topology if needed.

      1.  I have pfsense sitting behind Cisco routers on both sides.  pf has manual outbound NAT and allow any rules on the interfaces as I do not need to filter traffic at this level.  No static routes on pfsense.
      2.  OpenVPN server on one side and client on the other, VPN is up.
      3.  Gateway group on both sides has ME WAN as tier 1 and OpenVPN as Tier 2
      4.  Allow any rules have the gw groups set up.

      Pulling the WAN cable does not appear to cause a failover event.  I cannot ping over the VPN and cannot browse resources over the VPN.

      What am I missing?

        sliebhard

        Disabling negate rules on both sides of the VPN in System>Advanced>Firewall & NAT fixed the issue as policy routing was not being applied properly.

        Thanks to PiBa-NL in ##pfsense on freenode!
