Netgate Discussion Forum

    Multi WAN to Multi WAN VPN failover

      dlogan

      Current setup:

      Site 1 Fiber 1 (S2S OpenVPN Server 1) <-------> (S2S OpenVPN Client 1) Site 2 Fiber 1

      Site 1 Fiber 2 (S2S OpenVPN Server 2) <-------> (S2S OpenVPN Client 2) Site 2 Fiber 2

      2 VPN instances at site 1, each connect to a VPN instance at site 2.

      I have LAN rules on each side that use a failover group with each OpenVPN instance's gateway.

      If both sides Fiber 1 go down, no problem. If both sides Fiber 2 go down, no problem.
      However if Fiber 1 at Site 1 and Fiber 2 at Site 2 go down, we're down until something is reconfigured.

      To complicate things, we now have a 3rd WAN (Cradlepoint LTE) at Site 1. Of course the powers that be don't understand how any of this is configured, so they just bought another internet service and expect it all to just work.

      We actually recently lost (for about a week) both fibers at site 1 (Hurricane Ida). Cleanup crews cut lines in multiple places.

      So what do I do with WAN3? How can any of this be configured? To complicate matters you can't use the standard 1500 MTU on LTE, the VPN has to be configured with a lower MTU because LTE sucks.

      Any ideas?

        viragomann @dlogan

        @dlogan said in Multi WAN to Multi WAN VPN failover:

        If both sides Fiber 1 go down, no problem. If both sides Fiber 2 go down, no problem.
        However if Fiber 1 at Site 1 and Fiber 2 at Site 2 go down, we're down until something is reconfigured.

        Since each client can only go out on a certain WAN, this is given by the setup.
        You can allow both clients to use both WAN connections to avoid this.

        To complicate things, we now have a 3rd WAN (Cradlepoint LTE) at Site 1. Of course the powers that be don't understand how any of this is configured, so they just bought another internet service and expect it all to just work.

        So what do I do with WAN3? How can any of this be configured? To complicate matters you can't use the standard 1500 MTU on LTE, the VPN has to be configured with a lower MTU because LTE sucks.

        You can set up an additional server and client and add the gateway to the gateway group as well if you want to get max performance out of each VPN.
        Or simply forward WAN3 OpenVPN packets to one of the existing servers and add a remote line for it to one of the clients accepting the lower MTU.

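The failure cases discussed above can be enumerated directly. This is an added example, not code from either poster: it models each tunnel as a pair of WAN links and lists which link failures leave no working path. The link labels are constructed, and the any-to-any design assumes every Site 2 WAN can reach a server on every Site 1 WAN, including the LTE link.

```python
from itertools import combinations

# Constructed labels for the WAN links in the thread; not real interface names.
SITE1 = ["S1-Fiber1", "S1-Fiber2"]
SITE2 = ["S2-Fiber1", "S2-Fiber2"]
LTE = "S1-LTE"  # the third WAN at Site 1


def pinned(site1, site2):
    """One tunnel per WAN pair: Fiber 1 <-> Fiber 1, Fiber 2 <-> Fiber 2."""
    return list(zip(site1, site2))


def any_to_any(site1, site2):
    """Every Site 2 WAN may reach a server on every Site 1 WAN."""
    return [(a, b) for a in site1 for b in site2]


def outages(paths, max_failures=2):
    """Return every set of failed links (up to max_failures) that leaves
    no tunnel path with both of its endpoints still up."""
    links = sorted({link for path in paths for link in path})
    down = []
    for k in range(1, max_failures + 1):
        for failed in combinations(links, k):
            if not any(a not in failed and b not in failed for a, b in paths):
                down.append(frozenset(failed))
    return down


def report():
    """Count total-outage failure sets for each design."""
    return {
        "pinned": len(outages(pinned(SITE1, SITE2))),
        "any_to_any": len(outages(any_to_any(SITE1, SITE2))),
        "any_to_any_plus_lte": len(outages(any_to_any(SITE1 + [LTE], SITE2))),
    }


if __name__ == "__main__":
    for design, count in report().items():
        print(f"{design}: {count} failure combinations cause a full outage")
```

With pinned tunnels the crossed failure (Fiber 1 at Site 1 plus Fiber 2 at Site 2) is an outage; with any-to-any paths and the LTE link, the only remaining double failure that takes the VPN down is the loss of both fibers at Site 2.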
          dlogan @viragomann

          @viragomann

          I think I get what you're saying. I'll play around with it. Thanks.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.