OpenVPN client and failover WAN
I've been running a standalone pfsense box(no cluster) with a single WAN delivered over TP for a while where I route all traffic towards internet over a privacy VPN (Mullvad.net) over OpenVPN and it been running really well.
pfsense ---> ISP ---> Mullvad over OpenVPN
Now I added a 4G backup WAN connection. I created a gateway group with the 4G connection as backup connection. Changed default gateway to the new gateway group. Changed interface on the Mullvad OpenVPN client profile to the new group interface. Connectivity is still working great through the main WAN connection. Until I disconnect the main connection. After this OpenVPN fails to connect through the 4G connection with the following errors in the log:
Feb 20 20:58:30 openvpn 84202 TCP connection established with [AF_INET]220.127.116.11:443 Feb 20 20:58:30 openvpn 84202 TCPv4_CLIENT link local (bound): [AF_INET][4G INTERFACE ADDRESS]:0 Feb 20 20:58:30 openvpn 84202 TCPv4_CLIENT link remote: [AF_INET]18.104.22.168:443 Feb 20 20:59:30 openvpn 84202 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 20 20:59:30 openvpn 84202 TLS Error: TLS handshake failed Feb 20 20:59:30 openvpn 84202 Fatal TLS error (check_tls_errors_co), restarting Feb 20 20:59:30 openvpn 84202 SIGUSR1[soft,tls-error] received, process restarting Feb 20 20:59:40 openvpn 84202 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
When I use the feature 'test port' in pfSense the connection towards 22.214.171.124:443 through 4G connection it is working.
Internet connectivity is working after failover to 4G (tested to ping an external host) from the pfSense box (traffic
nownot routed through the VPN, goes directly to Internet)
When I test connecting through the same 4G subscription on an other computer, OpenVPN connects fine. So my 4G ISP should not be blocking the connection.
Anyone have an idea on what I should look at?