Netgate Discussion Forum

    multiple vpn clients failsafe

    • lightdark

      Let me start by saying I'm a complete noob. So let me try to explain, and good luck figuring out what I'm talking about. I use a VPN service like PIA and sometimes the server I'm connected to goes down for maintenance. Though not often, it does happen, and it seems to happen when I'm away for a week or more... of course, right. Anyway, what I'd like pfSense to do is try to connect to the first VPN client, and if that doesn't work, then try a different one. Or maybe there is a much easier solution that I've completely overlooked? Any help would be appreciated, thank you.

      • Derelict LAYER 8 Netgate

        If PIA has multiple sites that can accept the same credentials, you should be able to add secondary remote entries to the custom options in the client configuration.

        https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
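The secondary remote entries suggested above, together with the DNS resolution retry that comes up later in the thread, written out as an OpenVPN client configuration fragment. This is an added example, not part of the original posts; the hostnames, ports and timing values are placeholders and assumptions, and the directives are standard OpenVPN 2.4 client options.

```conf
# Constructed example: hostnames and ports are placeholders, not PIA's
# real endpoints. In pfSense the primary server comes from the client's
# GUI settings; lines like these go in the custom options box.

# Fallback servers that accept the same credentials. OpenVPN tries the
# remotes in the order listed, so the primary is always attempted first.
remote vpn-site-b.example.net 1194 udp
remote vpn-site-c.example.net 1194 udp

# Stop waiting on a silent server after 30 seconds and move on to the
# next remote (the default is 120 seconds).
server-poll-timeout 30

# Wait 5 seconds between connection attempts; the wait backs off after
# repeated failures and is capped here at 60 seconds.
connect-retry 5 60

# Keep retrying hostname resolution indefinitely instead of exiting
# when a remote cannot be resolved.
resolv-retry infinite
```

Because every remote shares one credential set and one set of certificates, this only helps when the provider accepts the same login at each site, as the post above notes.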

        • Napsterbater @lightdark

          My solution is to check "Authentication Retry: (Check) Do not retry connection when authentication fails" and add the package Service_Watchdog, then set it to "watch" the PIAopenVPN service.

          Most failures I have seen from PIA were "Auth Failed", so it would keep retrying the same server. This way the service exits and Watchdog restarts it with a new DNS lookup, thus a new server.

          Might not be the only option but it seems to work great for me.

          • Derelict LAYER 8 Netgate

            Yeah. It depends on what the nature of the "failure" is. In this case it sounds like just the provider changing things around. Do they tell you to connect to an IP address or a hostname? Seems there's an infinite retry on DNS resolution that might also help.

            • richtemark

              Check out the following guide which explains quite well how to set up multiple OpenVPN client connections in pfSense:

              https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
