Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Site-to-site Tunnel with Fail-Over [SOLVED]

    OpenVPN
    2
    6
    2422
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Kinder last edited by

      Hello,

      I've setup 2 Pfsense with an Openvpn tunnel site-to-site. It is functional, traffic is OK.

      But, the tunnel don't connect through the right Internet link.

      On 1 Pfense (Openvpn server), I have a SDSL link with 6 IP addresses. On the other, I have 1 ADSL (WAN, 1 fixed IP address) and 1 SDSL (OPT1, 1 fixed IP address) link with fail-over (It doesn't work with load balancing or no FO/LB). The Openvpn tunnel must go through the SDSL link, but it doesn't (openvpn[445]: write UDPv4: Network is unreachable (code=51)), the OpenVPN link only works through the ADSL link.

      Any help/advice would be great, thanks

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        If you're on 1.2.3 you need to add "local x.x.x.x;" to the OpenVPN config where x.x.x.x is the router's IP on the SDSL side.

        You might also try switching to TCP instead of UDP if that alone doesn't fix it.

        It should work much better on 2.0 by just selecting the SDSL interface when making the OpenVPN instance.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • K
          Kinder last edited by

          I tried with TCP and local x.x.x.x on the 1st Pfsense box, but it doesn't work, the tunnel is still initiated through the ADSL link on the second Pfsense box.

          Same version on both sides, 1.2.3-RELEASE.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            You might try adding a static route to the server's IP that goes out via the SDSL line at the multi-wan site.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • K
              Kinder last edited by

              There are all the necessary routes in both Pfsense boxes, configured par OpenVPN :

              Pfsense - Main site (SDSL, 109.x.x.x/29)

              
default 109.x.x.x UGS 0 9110429 1500 re0   
10.0.8.2 10.0.8.1 UH 1 0 1500 tun0   
109.x.x.x/29 link#1 UC 0 0 1500 re0   
109.x.x.x 00:ff:db:9e:ef:f0 UHLW 2 233480 1500 re0 1185 
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0   
192.168.1.0/24 link#4 UC 0 2 1500 re3   
192.168.2.0/24 10.0.8.2 UGS 0 2029238 1500 tun0

              Pfsense - Site 1 (SDSL, 109.x.x.x/30 + ADSL, 90.x.x.x)

              
default 90.x.x.x UGS 0 3740249 1500 re0   
10.0.8.1 10.0.8.2 UH 1 0 1500 tun0   
90.x.x.0/24 link#1 UC 0 0 1500 re0   
90.x.x.x 127.0.0.1 UGHS 0 1390 16384 lo0   
90.x.x.x 00:22:6b:a9:b1:f6 UHLW 2 0 1500 re0 721 
109.x.x.x/30 link#2 UC 0 0 1500 re1   
109.x.x.x 00:ff:6e:51:db:8d UHLW 2 48810 1500 re1 1198 
127.0.0.1 127.0.0.1 UH 1 0 16384 lo0   
192.168.1.0/24 10.0.8.1 UGS 0 1586099 1500 tun0   
192.168.2.0/24 link#4 UC 0 0 1500 re3 
              1 Reply Last reply Reply Quote 0
              • K
                Kinder last edited by

                Ok, that was the solution.

                I added the routes in static routes in both Pfsense and the OpenVPN tunnel now goes through the SDSL lines. (I think only a static route in the distant site is required).

                Thanks !!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post