    OpenVPN client and failover WAN

      elexir last edited by elexir

      Hi,

      I've been running a standalone pfsense box (no cluster) with a single WAN delivered over TP for a while, where I route all traffic towards the internet over a privacy VPN (Mullvad.net) over OpenVPN, and it has been running really well.

      pfsense  ---> ISP ---> Mullvad over OpenVPN
      

      Now I added a 4G backup WAN connection. I created a gateway group with the 4G connection as backup connection. Changed default gateway to the new gateway group. Changed interface on the Mullvad OpenVPN client profile to the new group interface. Connectivity is still working great through the main WAN connection. Until I disconnect the main connection. After this OpenVPN fails to connect through the 4G connection with the following errors in the log:

      Feb 20 20:58:30	openvpn	84202	TCP connection established with [AF_INET]185.213.154.137:443
      Feb 20 20:58:30	openvpn	84202	TCPv4_CLIENT link local (bound): [AF_INET][4G INTERFACE ADDRESS]:0
      Feb 20 20:58:30	openvpn	84202	TCPv4_CLIENT link remote: [AF_INET]185.213.154.137:443
      Feb 20 20:59:30	openvpn	84202	TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Feb 20 20:59:30	openvpn	84202	TLS Error: TLS handshake failed
      Feb 20 20:59:30	openvpn	84202	Fatal TLS error (check_tls_errors_co), restarting
      Feb 20 20:59:30	openvpn	84202	SIGUSR1[soft,tls-error] received, process restarting
      Feb 20 20:59:40	openvpn	84202	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      
      • When I use the 'test port' feature in pfSense, the connection towards 185.213.154.137:443 through the 4G connection is working.

      • Internet connectivity is working after failover to 4G (tested by pinging an external host) from the pfSense box (traffic is now not routed through the VPN, it goes directly to the Internet).

      • When I test connecting through the same 4G subscription on another computer, OpenVPN connects fine. So my 4G ISP should not be blocking the connection.

      Anyone have an idea on what I should look at?
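
As an added example (not part of the original post), this Python script walks the log lines quoted above and records how far each connection attempt got, separating "TCP connected" from "TLS key exchange completed", which is the difference between the working 'test port' check and the failing tunnel. The function names and the fixed year used to parse the year-less timestamps are assumptions of the example.

```python
import re
from datetime import datetime

# Sample input: log lines quoted in the post (tab-separated as in the pfSense log view).
SAMPLE_LOG = """\
Feb 20 20:58:30\topenvpn\t84202\tTCP connection established with [AF_INET]185.213.154.137:443
Feb 20 20:58:30\topenvpn\t84202\tTCPv4_CLIENT link local (bound): [AF_INET][4G INTERFACE ADDRESS]:0
Feb 20 20:58:30\topenvpn\t84202\tTCPv4_CLIENT link remote: [AF_INET]185.213.154.137:443
Feb 20 20:59:30\topenvpn\t84202\tTLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 20 20:59:30\topenvpn\t84202\tTLS Error: TLS handshake failed
Feb 20 20:59:30\topenvpn\t84202\tSIGUSR1[soft,tls-error] received, process restarting
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+openvpn\s+(\d+)\s+(.*)$")
TCP_OK = re.compile(r"TCP connection established with \[AF_INET6?\](\S+)")
BOUND = re.compile(r"link local \(bound\): \[AF_INET6?\](.+):\d+$")
TLS_TIMEOUT = re.compile(r"TLS key negotiation failed to occur within (\d+) seconds")

def parse_ts(ts):
    # The log has no year; a fixed leap year (assumption) keeps Feb 29 parseable.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")

def attempts(log_text):
    """Split the log into connection attempts and record the stage each reached."""
    out, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn line in the expected layout
        ts, msg = parse_ts(m.group(1)), m.group(3)
        if (t := TCP_OK.search(msg)):
            # A new TCP connect starts a new attempt (one per restart loop).
            cur = {"remote": t.group(1), "local": None,
                   "tcp_at": ts, "stage": "tcp_established"}
            out.append(cur)
        elif cur and (b := BOUND.search(msg)):
            cur["local"] = b.group(1)  # source address OpenVPN bound to
        elif cur and (x := TLS_TIMEOUT.search(msg)):
            cur["stage"] = "tls_timeout"
            cur["waited_s"] = int((ts - cur["tcp_at"]).total_seconds())
            cur["limit_s"] = int(x.group(1))
    return out

def summarize(a):
    if a["stage"] == "tls_timeout":
        return (f"{a['remote']} from {a['local']}: TCP connected, "
                f"no TLS key exchange after {a['waited_s']}s (limit {a['limit_s']}s)")
    return f"{a['remote']} from {a['local']}: TCP connected, outcome not in log"
```

Run over a longer log, one entry per restart shows whether every attempt stalls at the same stage and from which bound source address.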
