Netgate Discussion Forum
    Separate OpenVPN tunnel for management only

    • Lanna

      I've had a search around but can't seem to find anything on this use case. What I need to do is connect a remote office back to HQ with TWO separate tunnels, one tunnel over the regular fibre link, the other as a failover for management only on a cellular backup. This office is a 2000 kilometre round trip to Bangkok, so a reliable management link is very important.

      The reason the backup is for management only is it's a very slow 128 kbps link, so if anything other than management traffic is allowed down it, it will obviously choke.

      I've tried spinning up two separate tunnels, the remote office dialing into HQ, and while this works it seems to create routing weirdness that I've been unable to resolve. For example, gateway monitoring pings fail intermittently. Presently, in order to get the office up and running, I've just got one tunnel running, with a gateway group with the cellular as a tier 2 failover for that single tunnel, but obviously if that failover triggers the cellular tunnel will bottleneck badly.

      I can't think of any other ways to achieve what I need. Do you have any suggestions? To be clear, I just need the cellular WAN to be a management access OpenVPN backup.

      https://www.youtube.com/watch?v=Fc87pw1aYPg

      • Rico

        Which OpenVPN mode are you running?
        The backup is only used to access the pfSense remotely, or any networks/hosts behind it?

        -Rico

        • Lanna

          Hi Rico. Both tunnels in tun mode. The main tunnel over the fibre will have networks accessible behind both sides. However, the backup tunnel over cellular is intended only for me to see what's going on with the pfSense box.
          I am not using any plugins for the cellular WAN. It is achieved via DHCP with a separate 4G router and a dongle attached to that.

          https://www.youtube.com/watch?v=Fc87pw1aYPg

          • Rico

            For the backup OpenVPN you did only configure a unique tunnel network? There should be nothing to interfere with the main tunnel if you don't configure local/remote network(s) for the backup.
            Show your configuration via screenshots...

            -Rico

            • Lanna @Rico

              @Rico What I did was dial both tunnels into the same OpenVPN server instance at HQ. I figured as no routes were added to the backup it would work. I guess I figured wrong. I'll try setting up another OpenVPN server instance for the management tunnel.

              https://www.youtube.com/watch?v=Fc87pw1aYPg
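
The separation the thread converges on (a second server instance for management, with its own tunnel network and no local/remote networks) can be checked mechanically. The following is an added example, not code from any poster or from pfSense: it compares two OpenVPN server configs and reports anything that would let the instances interfere. The sample configs, addresses and ports are constructed, and it assumes the tunnel network appears as a `server` directive and the local/remote networks as `push "route ..."`, `route` or `iroute` lines.

```python
import ipaddress
import shlex

# Constructed sample configs; every address and port is illustrative.
MAIN_CONF = """
port 1194
server 10.0.8.0 255.255.255.0
route 192.168.20.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
"""
MGMT_CONF = """
port 1195
server 10.0.9.0 255.255.255.0
"""

def summarize(conf):
    """Extract listen port, tunnel network and routed networks from one instance."""
    info = {"port": 1194, "tunnel": None, "routes": []}  # 1194 is OpenVPN's default
    for line in conf.splitlines():
        d = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted args
        if not d:
            continue
        if d[0] == "port":
            info["port"] = int(d[1])
        elif d[0] == "server":
            info["tunnel"] = ipaddress.ip_network(f"{d[1]}/{d[2]}")
        elif d[0] in ("route", "iroute"):
            info["routes"].append(" ".join(d))
        elif d[0] == "push" and d[1].split()[:1] == ["route"]:
            info["routes"].append(d[1])
    return info

def check(main_conf, mgmt_conf):
    """Return findings; an empty list means the instances are cleanly separated."""
    main, mgmt = summarize(main_conf), summarize(mgmt_conf)
    findings = []
    # Simplification: ignores protocol and bind address when comparing ports.
    if main["port"] == mgmt["port"]:
        findings.append("both instances listen on the same port")
    if main["tunnel"] and mgmt["tunnel"] and main["tunnel"].overlaps(mgmt["tunnel"]):
        findings.append("tunnel networks overlap")
    if mgmt["routes"]:
        findings.append("management instance carries routes: " + "; ".join(mgmt["routes"]))
    return findings

if __name__ == "__main__":
    print(check(MAIN_CONF, MGMT_CONF) or "instances are separate")
```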
