Route Metrics in Multiple Site to Site OVPN
I am on the cusp of figuring this out, but am stuck on one thing. I want to provide 2 site to site OVPN tunnels to each of my offices between two data centers, and push routes via OVPN to each office to every other office, and both DCs. I want to push the same routes to offices in the tunnel configuration, with a different metric. See diagram below:
I got the VPN configuration figured out and working, however, I am having difficulties in providing metrics to the routes. I know I can use the Advanced Options to push "route 10.120.0.0 255.255.0.0 10" for instance, to give that route a metric of 10. However, I cannot get the other end of the OVPN tunnel to accept "pushed" routes. Do I add "pull" to the remote site?
Is there a way I can either push my routes to a remote site in a site 2 site OVPN configuration, or add the metric to the remote networks field in-line?
Tried with no remote networks in remote site field, tunnel came up but nothing being pushed. Changed mode from TUN to TAP on both ends, that did not work either. Tried multiple entries with the help of the OpenVPN documentation, which causes pfSense to generate an error if metric is entered in remote networks field. Also tried setting metric in Custom Options based on the same documentation.
Apparently, from the OVPN docs, you can do what I am trying to achieve, it just seems that pfSense is preventing me from making those settings:
--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.
This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.
netmask default -- 255.255.255.255
gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.
metric default -- taken from --route-metric otherwise 0.
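The documentation excerpt above defines `route` arguments positionally, so the metric is only read from the fourth position. The following is an added example, not part of the original post or of pfSense/OpenVPN code: a small resolver that applies those defaults to two constructed tunnel configs (all addresses are made up, and `vpn_gateway` and `default` are the OpenVPN keywords for "use the default").

```python
# Added example: resolve OpenVPN "route" directives using the defaults
# listed in the quoted documentation. Sample configs below are constructed.

def effective_routes(config_text):
    """Return [(network, netmask, gateway, metric), ...] for one tunnel config."""
    route_gateway = ifconfig_peer = None
    route_metric = 0                      # --route-metric, otherwise 0
    routes = []
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lstrip("-"), words[1:]
        if key == "route-gateway" and args:
            route_gateway = args[0]
        elif key == "route-metric" and args:
            route_metric = int(args[0])
        elif key == "ifconfig" and len(args) >= 2:
            ifconfig_peer = args[1]       # second parameter to --ifconfig (dev tun)
        elif key == "route" and args:
            routes.append(args)
    default_gw = route_gateway or ifconfig_peer
    resolved = []
    for args in routes:
        # Pad omitted trailing arguments so each position gets its default.
        network, netmask, gateway, metric = (args + ["default"] * 3)[:4]
        netmask = "255.255.255.255" if netmask == "default" else netmask
        gateway = default_gw if gateway in ("default", "vpn_gateway") else gateway
        metric = route_metric if metric == "default" else int(metric)
        resolved.append((network, netmask, gateway, metric))
    return resolved

# Constructed sample: the same office network reached through two DC tunnels.
DC1_TUNNEL = """
dev tun
ifconfig 10.255.1.2 10.255.1.1
route 10.120.0.0 255.255.0.0 vpn_gateway 10   # metric in 4th position
route 10.130.0.0 255.255.0.0 10               # 3rd position: read as gateway
"""
DC2_TUNNEL = """
dev tun
ifconfig 10.255.2.2 10.255.2.1
route-metric 20                               # default metric for this tunnel
route 10.120.0.0 255.255.0.0
"""

if __name__ == "__main__":
    for name, cfg in (("DC1", DC1_TUNNEL), ("DC2", DC2_TUNNEL)):
        for route in effective_routes(cfg):
            print(name, *route)
```

A three-argument `route` line leaves the metric at the `route-metric` default and treats the third value as the gateway, which is worth checking when a backup tunnel is expected to lose to the primary.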