OpenVPN and Gateway group

  • Hi,
    I've been struggling with a problem getting my OpenVPN client to choose the gateway group instead of the default gateway.

    Here is the configuration for system gateways and gateway groups. The gateway group itself seems to work fine and using it in a firewall rule provides failover between WAN and 4G as expected. (I've set the 4G connection to tier 1 at the moment for testing.)

    The OpenVPN client also works fine. Here is the topmost part of the configuration.
    I've selected the gateway group as the interface and expect the client to use the gateway group for failover.


    The problem is that it doesn't matter if I change the tiering of WAN and 4G in the gateway group or set any gateway as disabled. The VPN client still uses the WAN gateway to connect to the VPN server (verified by checking the IP in the VPN server log). I've even tried to remove the WAN gateway from the group with no change.

    When checking the status of the OpenVPN tunnel, it does choose the correct interface/subnet for connection ( for WAN or for 4G) but the traffic still exits using the WAN gateway.
    If I change the default gateway for pfSense the VPN client follows this change and connects using the expected gateway. If I set the default gateway to the gateway group everything works as expected, but we cannot have all traffic exiting through the 4G connection in case of a problem.

    Am I missing some part in my configuration or is this a known problem?

    Best regards, Arfid

  • No one? :-)
    Can this be a bug that should be reported or is it a configuration error on my part?

  • LAYER 8 Rebel Alliance

    Are you running 2.4.4-p3?
    Is your OpenVPN Interface assigned?


  • LAYER 8 Rebel Alliance

    I just tried this with a fresh 2.4.4-p3 Installation and it worked for me.
    Client Overview:





    OpenVPN Log Server Side:

    Jun 20 11:43:02 	openvpn 	55634 	UDPv4 link local (bound): [AF_INET]
    Jun 20 11:43:02 	openvpn 	55634 	UDPv4 link remote: [AF_UNSPEC]
    Jun 20 11:43:12 	openvpn 	55634 	Peer Connection Initiated with [AF_INET]

    As you see there is the Client WAN2 IP connected.
    Now let's cut off WAN2:

    OpenVPN Log Server Side:

    Jun 20 11:45:01 	openvpn 	55634 	Peer Connection Initiated with [AF_INET] 

    So there must be something wrong with your Configuration or Installation.

