OpenVPN Client using another (unassigned) interface
-
Using latest beta of 2.4.0.
Function: VPN > OpenVPN > Clients
I have assigned a particular PPPoE interface to an OpenVPN Client.
However, when that PPPoE interface fails the OpenVPN connection uses the backup LTE interface, and reestablishes the OpenVPN client connection.
The PPPoE interface normally fails when the underlying Fibre connection fails. The OpenVPN connection is not essential and only used for high traffic volumes. So, when the PPPoE connection assigned to the OpenVPN client is not available, the desired behaviour is for the OpenVPN interface and gateway to also be unavailable.
Is this a known problem?
-
Anyone?
-
system_advanced_misc.php
Maybe the option to "skip rules when gateway is down"? That's the name in 2.3.4 at least. It prevents the system from re-creating the rule with a different gateway.
-
Thanks will try suggestion. Function in 2.4 is unchanged.
-
Tried workaround, but it does not work. Thanks for proposal.
Reason it does not work, is that the Gateway for the OpenVPN interface is still up, and therefore the Rule is still valid.
The bug is in the implementation of the OpenVPN Client function. If the specified underlying interface (for OpenVPN) is not available the OpenVPN Client interface should not be established.
Another bug is that gateways which are down are marked as "Unknown" which pose other problems, e.g. it confuses the dynamic DNS updater which regards these interfaces as being up (and therefore does not refresh the ddns address).
pfSense runs ok for me when everything is up. But I find it impossible to seamlessly transition to LTE when the fibre link goes down.