Netgate Discussion Forum

    OpenVPN in load balancing/failover scenario

    rikben

      Hi all,
      I'm sorry to be asking about something that has perhaps already been discussed, but I haven't found any previous post on a similar case.

      So, this is the case:
      pfSense 2.01 with
      LAN as private network
      WAN1 interfaced with HDSL, having a public IP
      WAN2 interfaced to a Wi-Fi router (Mikrotik), having a private natted IP
      Failover / Load Balancing is active on both WANs in the outgoing direction.
      DNS forwarder & DHCP server active on pfS
      Inside the LAN there's a mail server and several other services active on specific standard ports, that have to be forwarded via pfS.

      Requirements:
      In order to have full redundancy I've thought of acquiring a VPN-service-provided public IP, to be assigned to the WAN2.
      This is in order to have a second public IP where several services are working, first of all a second MX record for mail server failover features.
      I need to view the new public IP obtained via VPN like a third WAN, where all port forwarding for all services has to be set.

      In that way, if the HDSL link goes down, all services will still be reachable via the VPN / WAN2 link, even though WAN2 is a private/natted connection.
      Also, if the WAN2 link goes down, the VPN can be activated via WAN1, and again all services are available on both public IPs.
      As the third case, if the VPN provider goes down, the HDSL public IP remains active, so at least on one of the two public IPs, services are on.

      Do you think it is possible? How can I manage the VPN as a WAN3? Does anyone have any other suggestions?

      Many thanks to all.

    heper

        In that way, if the HDSL link goes down, all services will still be reachable via the VPN / WAN2 link, even though WAN2 is a private/natted connection.

        Yes, probably.

        Also, if the WAN2 link goes down, the VPN can be activated via WAN1, and again all services are available on both public IPs.

        This might be a little tricky … there is, to my knowledge, no way to "activate" an OpenVPN connection upon failure.

        Two things that might be worth a shot:
        - run the OpenVPN client (pfSense) on a virtual IP on the LAN interface and use a failover group to decide what WAN interface the client should connect to the server <-- perhaps someone has done this already
        - perhaps the VPN provider is willing to offer 2 separate OpenVPN connections, attached to the same public IP?

        Do you think it is possible? How can I manage the VPN as a WAN3? Does anyone have any other suggestions?

        Most of it yes, some details are a maybe. Assign an interface to OpenVPN (interfaces-->assign). Lots of folks will probably have suggestions about the details :)
