    Site-to-site Tunnel with Fail-Over [SOLVED]

      Kinder

      Hello,

      I've set up 2 Pfsense with an OpenVPN tunnel site-to-site. It is functional, traffic is OK.

      But the tunnel doesn't connect through the right Internet link.

      On 1 Pfsense (OpenVPN server), I have an SDSL link with 6 IP addresses. On the other, I have 1 ADSL (WAN, 1 fixed IP address) and 1 SDSL (OPT1, 1 fixed IP address) link with fail-over (it doesn't work with load balancing or no FO/LB). The OpenVPN tunnel must go through the SDSL link, but it doesn't (openvpn[445]: write UDPv4: Network is unreachable (code=51)); the OpenVPN link only works through the ADSL link.

      Any help/advice would be great, thanks

        jimp Rebel Alliance Developer Netgate

        If you're on 1.2.3 you need to add "local x.x.x.x;" to the OpenVPN config where x.x.x.x is the router's IP on the SDSL side.

        You might also try switching to TCP instead of UDP if that alone doesn't fix it.

        It should work much better on 2.0 by just selecting the SDSL interface when making the OpenVPN instance.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Kinder

          I tried with TCP and local x.x.x.x on the 1st Pfsense box, but it doesn't work, the tunnel is still initiated through the ADSL link on the second Pfsense box.

          Same version on both sides, 1.2.3-RELEASE.

            jimp Rebel Alliance Developer Netgate

            You might try adding a static route to the server's IP that goes out via the SDSL line at the multi-wan site.

              Kinder

              All the necessary routes are present in both Pfsense boxes, configured by OpenVPN:

              Pfsense - Main site (SDSL, 109.x.x.x/29)

              
              default 109.x.x.x UGS 0 9110429 1500 re0   
              10.0.8.2 10.0.8.1 UH 1 0 1500 tun0   
              109.x.x.x/29 link#1 UC 0 0 1500 re0   
              109.x.x.x 00:ff:db:9e:ef:f0 UHLW 2 233480 1500 re0 1185 
              127.0.0.1 127.0.0.1 UH 0 0 16384 lo0   
              192.168.1.0/24 link#4 UC 0 2 1500 re3   
              192.168.2.0/24 10.0.8.2 UGS 0 2029238 1500 tun0 
              
              

              Pfsense - Site 1 (SDSL, 109.x.x.x/30 + ADSL, 90.x.x.x)

              
              default 90.x.x.x UGS 0 3740249 1500 re0   
              10.0.8.1 10.0.8.2 UH 1 0 1500 tun0   
              90.x.x.0/24 link#1 UC 0 0 1500 re0   
              90.x.x.x 127.0.0.1 UGHS 0 1390 16384 lo0   
              90.x.x.x 00:22:6b:a9:b1:f6 UHLW 2 0 1500 re0 721 
              109.x.x.x/30 link#2 UC 0 0 1500 re1   
              109.x.x.x 00:ff:6e:51:db:8d UHLW 2 48810 1500 re1 1198 
              127.0.0.1 127.0.0.1 UH 1 0 16384 lo0   
              192.168.1.0/24 10.0.8.1 UGS 0 1586099 1500 tun0   
              192.168.2.0/24 link#4 UC 0 0 1500 re3   
              
              
                Kinder

                Ok, that was the solution.

                I added the routes in static routes in both Pfsense and the OpenVPN tunnel now goes through the SDSL lines. (I think only a static route in the distant site is required).

                Thanks !!

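As an added illustration (not code from the thread or from pfSense), the following models the longest-prefix-match route lookup on a table shaped like Site 1's. It shows why the tunnel's outer packets to the server follow the ADSL default route until a host route for the server exists. All addresses, `SERVER_IP` and `SDSL_GATEWAY` are constructed documentation-range placeholders, since the thread redacts the real ones.

```python
import ipaddress

# Constructed routing table modelled on the multi-WAN site's table above.
# Addresses are documentation-range placeholders, not values from the thread.
SITE1_ROUTES = [
    # (destination, gateway, interface)
    ("0.0.0.0/0",       "198.51.100.1", "re0"),   # default via ADSL (WAN)
    ("198.51.100.0/24", "link#1",       "re0"),   # ADSL subnet
    ("203.0.113.8/30",  "link#2",       "re1"),   # SDSL subnet (OPT1)
    ("10.0.8.1/32",     "10.0.8.2",     "tun0"),  # tunnel peer
    ("192.168.1.0/24",  "10.0.8.1",     "tun0"),  # remote LAN via tunnel
    ("192.168.2.0/24",  "link#4",       "re3"),   # local LAN
]
SERVER_IP = "203.0.113.130"   # assumed public address of the OpenVPN server
SDSL_GATEWAY = "203.0.113.9"  # assumed next hop on the SDSL link


def lookup(routes, dst):
    """Return (destination, gateway, interface) of the longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def with_host_route(routes, dst, gateway, interface):
    """Return a copy of the table with a /32 static route added for dst."""
    return routes + [(f"{dst}/32", gateway, interface)]


if __name__ == "__main__":
    # Without a static route the server is only reachable via the default (ADSL).
    print("before static route:", lookup(SITE1_ROUTES, SERVER_IP))
    fixed = with_host_route(SITE1_ROUTES, SERVER_IP, SDSL_GATEWAY, "re1")
    # The /32 is more specific than 0.0.0.0/0, so it wins and uses the SDSL link.
    print("after static route: ", lookup(fixed, SERVER_IP))
    # Traffic carried inside the tunnel still matches the tun0 route.
    print("remote LAN host:    ", lookup(fixed, "192.168.1.10"))
```

Only the encrypted outer packets addressed to the server change path; the routes OpenVPN installs for the remote LAN keep pointing at `tun0`.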