OpenVPN client-to-site on secondary WAN
-
Hello everyone, I wanted to ask a question.
I have a VPN configured with various servers. One is used with external clients (Windows PCs), so it is a client-to-site.
The others are to connect various external locations where there is another pfSense server (site-to-site).
All enter via the WAN interface with ports from 1194 onwards; 1194 is only used for client-to-site.
The question was: is it possible to make sure that if the data line on the WAN interface is faulty, the VPN is connected to another interface? If so, how do I do it, given that it has a different static public IP?
thanks -
@miami71it
OpenVPN is a typical client-to-server connection. So it's on the client which IP it connects to. If you run the server with multiple WANs, just forward the OpenVPN traffic from the others to the one the server is listening on.
On the client you can add multiple remote lines to the config to switch over to the next one if the current one fails.
A remote generally looks like this: remote <IP> <port> <protocol>, e.g. remote 198.19.34.56 1194 udp
If you use the client export utility to export your road warrior configs you can add this line in the "custom options" box there.
However, consider that the client will not fail back automatically to the primary WAN after it comes online again.
-
@viragomann OK, thanks, I'll do some tests.
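
The multiple-remote failover described in the answer above, written out as client configuration lines. This is an added example, not part of the original posts. The second address is a constructed placeholder from a documentation range, the timeout values are assumptions, and it presumes the secondary WAN already forwards UDP 1194 to the address the OpenVPN server listens on.

```conf
# Added example: lines for the client config (or the export utility's
# "custom options" box). Addresses and timings are placeholders/assumptions.

# Primary WAN public IP (the example address used in the answer above).
remote 198.19.34.56 1194 udp

# Secondary WAN public IP (constructed placeholder). Traffic arriving here
# must be forwarded by the firewall to the interface the server listens on.
remote 203.0.113.20 1194 udp

# Remotes are tried in the order listed. Leave remote-random unset so the
# primary WAN is always attempted first on a fresh start.

# Stop waiting for a silent remote after 10 seconds and try the next one.
server-poll-timeout 10

# Pause 5 seconds between connection attempts.
connect-retry 5

# Detect a dead tunnel: send a ping every 10 seconds and restart the
# connection after 60 seconds without any reply from the server.
# (Often pushed by the server already; set here so the client does not
# depend on that.)
ping 10
ping-restart 60
```

Only the primary WAN address changes nothing for existing clients; the extra `remote` line takes effect once the updated config is redistributed to them.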