Netgate Discussion Forum

    How to: internet through failover OVPN clients

      AndyScull

      Just wanted to share a working setup of multiple OVPN clients (which could connect and disconnect dynamically).
      Maybe it's covered elsewhere, but the things I found deal mostly with 'static' OVPN setups which you have control of and can be sure of OVPN servers working all the time. I, however, needed to ensure OVPN connectivity with randomly disconnecting 3rd-party OVPN servers.
      Usual ovpn client behavior: when even one of the ovpn clients disconnects for some reason (server down, for example), the pfSense ovpn client automatically reverts to its default gateway; it does not switch to another ovpn client gateway.

      1. Create multiple OVPN client profiles. Test them separately, set up NAT and firewall rules on each one so your LAN can access the internet through each ovpn separately.
      2. Create a gateway group of their gateways. If needed, set up a different monitor IP for each of them (if the gateway itself does not reply to ping). Assign each gateway a different tier, disable WAN and LAN gateways ('never').
      3. Create a firewall rule for the LAN network: protocol - 'any'; from - LAN network; to - any; in Advanced, set Gateway to the gateway group you created before.

      Supposedly, if all OVPNs are down, LAN clients won't have access to the internet through WAN (could be good for some tight security setups?)

      Things I didn't test: what if all OVPN gateways have the same tier in the gateway group. Would that mess up traffic or not…

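The gateway selection that steps 2 and 3 of the post rely on, as an added Python model that is not part of the original post and not pfSense code. It assumes pfSense's documented gateway-group semantics (the lowest live tier carries traffic, gateways sharing a tier are balanced together) and the System > Advanced > Miscellaneous option "Skip rules when gateway is down"; the gateway names, function names and the single-pass-rule LAN ruleset are hypothetical.

```python
from dataclasses import dataclass, replace

NEVER = 0  # models the "Never" tier used to exclude WAN/LAN gateways from the group

@dataclass(frozen=True)
class Gateway:
    name: str   # hypothetical names, constructed for this example
    tier: int   # tier 1 is preferred over tier 2, and so on
    up: bool    # what gateway monitoring (ping to the monitor IP) reports

def active_members(group):
    """Gateways that carry traffic: every live member of the lowest live tier."""
    live = [g for g in group if g.up and g.tier != NEVER]
    if not live:
        return []
    best = min(g.tier for g in live)
    return sorted(g.name for g in live if g.tier == best)

def lan_egress(group, skip_rules_when_gateway_down):
    """Where the LAN policy rule sends traffic (assumes it is the only pass rule on LAN)."""
    members = active_members(group)
    if members:
        return members
    if skip_rules_when_gateway_down:
        return []             # rule is omitted, so default deny drops the traffic
    return ["DEFAULT_ROUTE"]  # rule kept without a gateway: system routing table (assumed WAN)

def with_down(group, *names):
    """Copy of the group with the named gateways marked down."""
    return [replace(g, up=g.up and g.name not in names) for g in group]

# Constructed sample group: one preferred VPN, two backups sharing a tier, WAN excluded.
GROUP = [
    Gateway("VPN_A", 1, True),
    Gateway("VPN_B", 2, True),
    Gateway("VPN_C", 2, True),
    Gateway("WAN", NEVER, True),
]

if __name__ == "__main__":
    all_down = with_down(GROUP, "VPN_A", "VPN_B", "VPN_C")
    print("all up:            ", lan_egress(GROUP, False))
    print("VPN_A down:        ", lan_egress(with_down(GROUP, "VPN_A"), False))
    print("all down, default: ", lan_egress(all_down, False))
    print("all down, skip on: ", lan_egress(all_down, True))
```

The all-down case is the one worth confirming on a real firewall: stop every client and check from a LAN host whether traffic is dropped or leaves through the default route.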