Netgate Discussion Forum

    Multi Wan with OpenVPN Client issue

    Routing and Multi WAN
      Bikepapa

      Hi all,

      I'm struggling with the following setup:

      Have a pfSense Firewall with 2 WAN connections (Failover).

      Created Gateway Group with 1 x Wan Tier 1 and 1 x Wan Tier 2.

      Wan Tier 1, is a DSL Connection. Call it WAN_Main
      Wan Tier 2, is a 4G backup connection. Call it WAN_4G

      On my firewall, I configured an OpenVPN client. This client should be always connected to a server in the cloud.

      Everything works fine, but I have ONE MAJOR issue.

      When I disconnect WAN_Main, the OpenVPN reconnects to my server with WAN_4G. But when I reconnect WAN_Main, my OpenVPN client continues to use the WAN_4G Gateway.

      How can I force the OpenVPN client to use WAN_Main when it's up?

        Bikepapa

        I have found one way but in my opinion it's not a clean solution.

        Added a floating firewall rule:

        Action: pass
        Quick: enable
        Interface: all
        Direction: out
        AddressType: IPv4
        Protocol: UDP
        Source: any
        Destination: any + Port Range OpenVPN
        TCP Flags: Any flags
        Gateway: WAN_Main

        I keep searching

          pwood999

          Think about what triggers the VPN to reconnect.  "When I disconnect WAN_Main, the OpenVPN reconnects to my server with WAN_4G".

          So when WAN_Main is reconnected, the OpenVPN will stay on 4G until it sees a problem with that WAN.  Try disconnecting WAN_4G after the WAN_Main is reconnected & stable.

          Pete

            Bikepapa

            Obviously, when the VPN is connected with the WAN_4G gateway and I disconnect it, it will reconnect to WAN_Main... there is no doubt.

            My initial question was: How can I force the OpenVPN client to use WAN_Main when it's up? ... without disconnecting WAN_4G.

              elsleepy

              I have a multi-WAN VPN setup (load balancing).

              The 2 VPNs are up and load balancing works.

              When I pull the cable from WAN 1, everything goes over the VPN on WAN 2.
              If I then pull the cable on WAN 2 and put the cable back in WAN 1, the VPN on WAN 1 comes back up and everything goes over the VPN on WAN 1.
              But when I put the cable back in WAN 2 (so the 2 VPNs are up again), the load balancing does not work any more! Traffic keeps going over the last VPN that was working.

              If I pull the cables from WAN 1 and 2 together and put them back at the same time, the load balancing starts working again over the 2 VPNs.

              :-\

                Bikepapa

                It has been a while.

                So I'm happy to present to you my final working solution.

                Using Version 2.4.2-RELEASE-p1 (amd64)

                Have a pfSense Firewall with 2 WAN connections (Failover).
                
                Created Gateway Group [FAILOVER] with 1 x Wan Tier 1 and 1 x Wan Tier 2.
                
                Wan Tier 1, is a DSL Connection. Call it WAN_Main
                Wan Tier 2, is a 4G backup connection. Call it WAN_4G
                
                On my firewall, I configured an OpenVPN client. This client should always be connected to a server in the cloud AND use WAN_Main if online.

                So, if WAN_Main fails, the VPN should fall back to WAN_4G. As soon as WAN_Main is back online, the VPN client reconnects with WAN_Main.
                
                

                To do so, create a VPN client as usual, but use Gateway Group [FAILOVER] as the interface.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.