Netgate Discussion Forum

    OpenVpn server on WAN and OPT1 (site-to-site only) [SOLVED]

      unguzov

      Hi,

      I have site-to-site OpenVPN setup and it works well.
      I wanted to add failover: when my WAN goes offline, OPT1 should keep my site-to-site link up.

      The configuration works well when WAN is up, but doesn't work when WAN goes down. The OpenVPN logs show that the two boxes are connected, but I can't ping from one LAN to the other…

      Please help?

      My configuration:

      pfSense Box 1:
      WAN-----(11.11.11.11)
                                       ---- pfSense --- LAN (192.168.28.0/24)
      OPT1-----(22.22.22.22)/

      pfSense BOX 2:
      WAN-----(33.33.33.33)---- pfSense --- LAN (192.168.130.0/24)

      On BOX 1 I have two OpenVPN servers:

      First:
      Protocol: TCP
      Local port 10101
      Address pool 10.10.11.0/24
      Remote network: 192.168.130.0/24
      Shared key: XXX
      Custom options: local 11.11.11.11

      Second:
      Protocol: TCP
      Local port 20101
      Address pool 10.11.12.0/24
      Remote network: 192.168.130.0/24
      Shared key: XXX
      Custom options: local 22.22.22.22

      On BOX 2 I have one OpenVPN client:

      Protocol: TCP
      Server port 10101
      Interface IP 10.11.12.0/24
      Remote network: 192.168.28.0/24
      Shared key: XXX
      Custom options: remote 22.22.22.22 20101

        GruensFroeschli

        I would bind the OpenVPN server to both interfaces and do the failover in the OpenVPN client config.
        --> The client connects in a failover manner to the different IPs of the server.
        If one interface of the server should go down, the client automatically connects to the other interface.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          unguzov

          @GruensFroeschli:

          I would bind the OpenVPN server to both interfaces and do the failover in the OpenVPN client config.
          --> The client connects in a failover manner to the different IPs of the server.
          If one interface of the server should go down, the client automatically connects to the other interface.

          Thank you GruensFroeschli, you pointed me in the right direction :)

          Now it works as planned. My WORKING configuration:

          pfSense BOX 1:
          WAN-----(11.11.11.11)
                                            ---- pfSense --- LAN (192.168.28.0/24)
          OPT1-----(22.22.22.22)/

          pfSense BOX 2:
          WAN-----(33.33.33.33)---- pfSense --- LAN (192.168.130.0/24)

          On BOX 1: One OpenVPN server:

          Protocol: TCP
          Local port 10101
          Address pool 10.10.11.0/24
          Remote network: 192.168.130.0/24
          Shared key: XXX

          On BOX 2: One OpenVPN client:

          Protocol: TCP
          Server port 10101
          Interface IP 10.10.11.0/24
          Remote network: 192.168.28.0/24
          Shared key: XXX
          Custom options: remote 22.22.22.22 10101

            FrAsErTaG

            Hi, I am looking at setting up the same style of VPN.

            Are there any static routes that need to be set with your config?
            How exactly do you "BIND" the interfaces via Openvpn?

              unguzov

              @FrAsErTaG:

              Hi, I am looking at setting up the same style of VPN.

              Are there any static routes that need to be set with your config?
              How exactly do you "BIND" the interfaces via Openvpn?

              You do not need any additional static routes to make this work. You can "BIND" OpenVPN to a specific adapter with custom options and the "local" parameter, but in this case you do not need this. When the "local" parameter is not set, OpenVPN is bound to all adapters (0.0.0.0).

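Added example, not part of any post in this thread: the working setup described above, written as plain OpenVPN directives for both boxes. The addresses, port, tunnel pool and LAN subnets come from the thread; the first `remote` (the WAN address as the primary server), the .1/.2 tunnel endpoints, the timer values and the key path are assumptions.

```conf
# ---- BOX 1: single server, reachable on WAN and OPT1 ----
dev tun
proto tcp-server
lport 10101
# No "local" line: the daemon listens on 0.0.0.0, so connections to
# 11.11.11.11 (WAN) and 22.22.22.22 (OPT1) reach the same instance.
# Each interface still needs a firewall rule passing TCP 10101.
ifconfig 10.10.11.1 10.10.11.2        # assumed endpoints inside 10.10.11.0/24
route 192.168.130.0 255.255.255.0     # BOX 2 LAN
secret /path/to/shared.key            # placeholder path ("Shared key: XXX")
keepalive 10 60                       # assumed timers
persist-key
persist-tun

# ---- BOX 2: one client, failover handled by the remote list ----
dev tun
proto tcp-client
# Remotes are tried in the order listed. When a connection attempt fails
# or the keepalive timeout restarts the tunnel, the client moves on to
# the next entry and wraps around at the end of the list.
remote 11.11.11.11 10101              # BOX 1 WAN (assumed primary)
remote 22.22.22.22 10101              # BOX 1 OPT1 (the custom option in the post)
connect-retry 5                       # assumed: seconds between attempts
resolv-retry infinite
ifconfig 10.10.11.2 10.10.11.1
route 192.168.28.0 255.255.255.0      # BOX 1 LAN
secret /path/to/shared.key            # same key as the server
keepalive 10 60
persist-key
persist-tun
```

Because both paths end at the same server instance and the same tunnel network, the route to 192.168.130.0/24 on BOX 1 points at one tunnel interface whichever uplink carries the session.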
                joyfulway

                Hi,

                Do this post and this one say the same thing?
                http://forum.pfsense.org/index.php/topic,21941.msg112804.html#msg112804

                GruensFroeschli, when you say in the other post:
                "With OpenVPN you have the ability to specify multiple servers and how to connect to them (balancing/failover)."
                is this achieved by
                "binding the OpenVPN server to both interfaces and do the failover in the OpenVPN client config"
                i.e. using the Custom options?

                Thanks for your help
