OpenVPN Failover



  • Hello,

    I have a little problem with an OpenVPN setup in pfSense. My networks look like this:

    pfSense box 1 (VPN concentrator)
      WAN: public IP
      LAN 1: 192.168.0.254/24
      OpenVPN server 1 (main):   OPT1 10.0.10.1, TUN1 10.0.100.1 (dedicated VPN link to box 2)
      OpenVPN server 1 (backup): OPT2 10.100.0.1 (over the Internet to box 2)
      OpenVPN server 2 (main):   OPT2 10.0.11.1, TUN2 10.0.110.1 (dedicated VPN link to box 3)

    pfSense box 2
      WAN: public IP
      LAN 2: 192.168.4.254/24
      main OpenVPN client:   OPT1 10.0.10.2 (assigned by OpenVPN client daemon), TUN1 10.0.100.2 (dedicated VPN link to box 1)
      backup OpenVPN client: OPT2 10.100.0.2 (assigned by OpenVPN client daemon) (over the Internet to box 1)

    pfSense box 3
      WAN: public IP
      LAN 2: 192.168.4.254/24
      main OpenVPN client:   OPT1 10.0.11.2 (assigned by OpenVPN client daemon), TUN1 10.0.110.2 (dedicated VPN link to box 1)
      backup OpenVPN client: OPT2 10.101.0.2 (assigned by OpenVPN client daemon) (over the Internet to box 1)

    Everything is working like a charm with static routing. Each network can reach the others without problem. But when I set a Gateway group for the VPN interfaces (OPT1 + OPT2 on Box 2 and 3), they cannot reach the opposite network. I disabled static routing and set the firewall rules, but if they are set on both boxes, I cannot reach the other networks (from Box 1 to Box 2 and 3 and so on). Static routing cannot be set to a gateway group (why? The default gateway can be set to a Gateway group from 2.4.4 onwards). What do I have to set in the firewall rules?

    Dynamic routing is a very complicated setup for me, because Box 1 is the VPN concentrator for 14 remote pfSense boxes (the diagram is simplified to 3 boxes only). All boxes have to have access to every other network due to AD replication and user roaming profiles.

    Thank you very much for help.



  • Sorry, the text diagram is a little broken. The right picture is here:
    (attached image: Výstřižek.JPG)
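As an added example, not part of the original post and not the pfSense gateway-group approach the poster is asking about, the OpenVPN client configuration below shows how the same main/backup behaviour can be expressed inside OpenVPN itself: the client lists the server's dedicated-link address first and its Internet-reachable address second, tries them in that order, and advances to the next entry whenever the ping-restart timer fires. This only works when both entries lead to the same server instance (same CA and tunnel network), which differs from the separate main and backup server instances in the poster's setup. The addresses, port and certificate file names are assumptions for illustration; the poster's actual endpoint addresses are not given on the page.

```text
# Added example: OpenVPN client with an ordered remote list for failover.
# Not the poster's pfSense config; addresses, port and file names are assumed.
client
dev tun
proto udp

# Remotes are tried in order: dedicated link first, Internet path second.
# Both addresses are hypothetical placeholders (RFC 5737 documentation ranges).
remote 203.0.113.1 1194        # server reached over the dedicated VPN link
remote 198.51.100.1 1194       # same server over the Internet (backup path)

# Do not use remote-random: list order is what makes the main path preferred.

# Dead-path detection: ping every 10 s, restart if nothing is heard for 60 s.
# After the restart OpenVPN moves on to the next remote in the list.
ping 10
ping-restart 60

# Keep retrying instead of exiting while a path is down.
resolv-retry infinite
connect-retry 5
persist-key
persist-tun

# Routes to the remote LANs are pushed by the server ('client' implies pull).
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
```

The caveat a practitioner should keep in mind: OpenVPN only walks forward through the remote list on failure. Once it has settled on the Internet path it stays there until the tunnel is restarted, even after the dedicated link comes back, so failback is manual or scripted. A pfSense gateway group, by contrast, monitors each gateway and returns new connections to the higher-priority tier on its own, which is why the two approaches are not interchangeable.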

