Netgate Discussion Forum

    OpenVPN client and failover WAN

    • elexir

      Hi,

      I've been running a standalone pfSense box (no cluster) with a single WAN delivered over TP for a while, where I route all traffic towards the internet over a privacy VPN (Mullvad.net) over OpenVPN, and it has been running really well.

      pfsense  ---> ISP ---> Mullvad over OpenVPN
      

      Now I added a 4G backup WAN connection. I created a gateway group with the 4G connection as the backup connection. Changed the default gateway to the new gateway group. Changed the interface on the Mullvad OpenVPN client profile to the new group interface. Connectivity is still working great through the main WAN connection, until I disconnect the main connection. After this, OpenVPN fails to connect through the 4G connection with the following errors in the log:

      Feb 20 20:58:30	openvpn	84202	TCP connection established with [AF_INET]185.213.154.137:443
      Feb 20 20:58:30	openvpn	84202	TCPv4_CLIENT link local (bound): [AF_INET][4G INTERFACE ADDRESS]:0
      Feb 20 20:58:30	openvpn	84202	TCPv4_CLIENT link remote: [AF_INET]185.213.154.137:443
      Feb 20 20:59:30	openvpn	84202	TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Feb 20 20:59:30	openvpn	84202	TLS Error: TLS handshake failed
      Feb 20 20:59:30	openvpn	84202	Fatal TLS error (check_tls_errors_co), restarting
      Feb 20 20:59:30	openvpn	84202	SIGUSR1[soft,tls-error] received, process restarting
      Feb 20 20:59:40	openvpn	84202	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      
      • When I use the 'test port' feature in pfSense, the connection towards 185.213.154.137:443 through the 4G connection is working.

      • Internet connectivity is working after failover to 4G (tested by pinging an external host) from the pfSense box (traffic is now not routed through the VPN, it goes directly to the Internet).

      • When I test connecting through the same 4G subscription on another computer, OpenVPN connects fine. So my 4G ISP should not be blocking the connection.

      Anyone have an idea on what I should look at?

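A small triage script for the log excerpt in the post above, added here as an example and not part of the original post: it groups OpenVPN client log lines into connection attempts and reports which local address each attempt bound to, how it ended, and after how many seconds. The function name, the outcome labels and the fixed year used for timestamp parsing are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample input: lines copied from the post above, columns separated by whitespace.
SAMPLE_LOG = """\
Feb 20 20:58:30 openvpn 84202 TCP connection established with [AF_INET]185.213.154.137:443
Feb 20 20:58:30 openvpn 84202 TCPv4_CLIENT link local (bound): [AF_INET][4G INTERFACE ADDRESS]:0
Feb 20 20:58:30 openvpn 84202 TCPv4_CLIENT link remote: [AF_INET]185.213.154.137:443
Feb 20 20:59:30 openvpn 84202 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 20 20:59:30 openvpn 84202 TLS Error: TLS handshake failed
Feb 20 20:59:30 openvpn 84202 SIGUSR1[soft,tls-error] received, process restarting
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+openvpn\s+(\d+)\s+(.*)$")
TCP_UP = re.compile(r"TCP connection established with \[AF_INET6?\](\S+)")
BOUND = re.compile(r"link local \(bound\): \[AF_INET6?\](.+):\d+$")
TLS_TIMEOUT = "TLS key negotiation failed to occur"
SUCCESS = "Initialization Sequence Completed"

def summarize_attempts(text):
    """Return one dict per attempt: remote, bound address, outcome, seconds."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; 2000 is an assumed placeholder year.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(3)
        if (t := TCP_UP.search(msg)):
            # A new TCP connect starts a new attempt.
            cur = {"remote": t.group(1), "bound": None, "start": ts,
                   "outcome": "incomplete", "seconds": None}
            attempts.append(cur)
        elif cur is None:
            continue
        elif (b := BOUND.search(msg)):
            cur["bound"] = b.group(1)
        elif TLS_TIMEOUT in msg or SUCCESS in msg:
            cur["outcome"] = ("tls_timeout_after_tcp_connect"
                              if TLS_TIMEOUT in msg else "connected")
            cur["seconds"] = int((ts - cur["start"]).total_seconds())
            cur = None  # attempt finished; ignore trailing lines until next connect
    for a in attempts:
        a.pop("start")
    return attempts

if __name__ == "__main__":
    for attempt in summarize_attempts(SAMPLE_LOG):
        print(attempt)
```

For the excerpt, it reports a single attempt that completed the TCP connect from the 4G address and then hit the TLS negotiation timeout 60 seconds later.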
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.