OpenVPN failover…

  • Maybe someone can get me a straight answer on this…

    I have a central site that needs dual-WAN redundancy (no load balancing) with VPNs, while the branch sites connecting to it will only have a single WAN connection. If the primary WAN on the main site goes down, I need it to switch over to the secondary within seconds and the VPN tunnels to continue working. In the event the primary comes back, I need everything to move back over, as the secondary WAN connection is a rather slow DSL line.

    To test this I set up a test environment using VMs and the latest build of PFSense v2.0. At the central site, the WAN failover works great: it detects the gateway as dead and jumps over quickly. From what I have read on the forums, the VPN part can be achieved with dual OpenVPN tunnels and OSPF.

    So at the central site I set up 2 OpenVPN tunnels and bound each one to its respective WAN connection. I then assigned the OpenVPN tunnels to interfaces. I installed the OSPF package and added the OpenVPN interfaces to it.

    On the remote site, I did the same, 2 tunnels, one pointing to each of the central site's WAN addresses.  Interfaces assigned and OSPF configured.

    Everything comes up, but it doesn't work exactly as I had planned... Traffic from the central to the remote site goes out via the tunnel on WAN2, and traffic from the remote site to the central site goes over the tunnel on WAN1. If I kill one of the connections, the traffic on that tunnel will either stop, or sometimes actually re-route.
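As an added illustration (not taken from the original post or from the pfSense OSPF package's own defaults), here is a Quagga-style ospfd configuration fragment for the central site that gives the WAN1 tunnel a lower OSPF cost than the WAN2 tunnel, so both ends prefer the same path instead of each picking one of two equal-cost routes, and shortens the hello/dead timers so a dead tunnel is withdrawn within seconds; the interface names, router ID, subnets and cost values are assumptions for this example.

```conf
! Central site ospfd.conf (assumed: ovpns1 = OpenVPN server bound to WAN1,
! ovpns2 = OpenVPN server bound to WAN2, the slow DSL backup)
hostname central
!
interface ovpns1
 description tunnel-over-WAN1-primary
 ! low cost: this is the path both sites should use while it is up
 ip ospf cost 10
 ! 1 s hellos, 4 s dead interval: neighbor loss is noticed in seconds,
 ! not in the 40 s the defaults would allow
 ip ospf hello-interval 1
 ip ospf dead-interval 4
!
interface ovpns2
 description tunnel-over-WAN2-backup
 ! much higher cost: only chosen when ovpns1 has no OSPF neighbor
 ip ospf cost 100
 ip ospf hello-interval 1
 ip ospf dead-interval 4
!
router ospf
 ospf router-id 10.255.0.1
 ! advertise the LAN but do not form adjacencies on it
 passive-interface lan
 network 10.0.1.0/30 area 0.0.0.0
 network 10.0.2.0/30 area 0.0.0.0
 network 192.168.1.0/24 area 0.0.0.0
!
! Remote site: mirror the same costs and timers on the matching client
! interfaces (assumed ovpnc1 -> central WAN1, ovpnc2 -> central WAN2) so the
! preferred tunnel is identical in both directions and routing stays symmetric;
! when WAN1 returns, its adjacency re-forms and the lower cost pulls traffic back.
```

This assumes the OpenVPN tunnels themselves also detect a dead peer quickly (for example a short `keepalive` setting in each tunnel's configuration), since OSPF can only withdraw a route once the tunnel interface stops passing hellos. The state can be checked with `vtysh -c 'show ip ospf neighbor'` and `vtysh -c 'show ip route'` on each side while one WAN is pulled.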

