Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dual OVPN site to site links

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xternal
      last edited by

      MODS: I moved this from Multi-WAN forum, as more relevant here - please close other thread

      Hi,
      I have an issue which I dont know if I can solve. I have two OPVN connections linking two sites.
      Currently using Quagga I can get failover to work, where when one connection goes down it updates the routing table to use the next one.
      However, it would be awesome if I could have both ovpn connections mapped concurrently and then use firewall gateway rules to redirect certain traffic over each line.
      I dont need dynamic load balancing, I just want to use gateway rules to make VOIP connect over one ovpn and computers over the other.

      Quagga identifies the 192.168.1.1 network is available on both opvnc2 and ovpns1 (each side has a server and a client)

      Heres the quagga routes working properly

      So what i would like to change here, is force a second route like the circle but for the 10.0.11.1 gateway (so I can setup firewall gateway rules for both vpn connections).
      Currently, even if I setup ovpn gateways by assigning interfaces to the ovpn connections, it still always routes down one vpn connection (the first one connected) because of the rule at the arrow… i think.

      Using a firewall gateway rule forcing traffic through 10.0.11.1 still travels over the 10.0.10.0/24 ovpn connection because of that rule?

      Is it possible to force a second gateway for 192.168.1.0/24 in the routing table? Set to 10.0.11.1

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        not possible as far as i know. You should check with developers to be sure.

        I believe it is a limitation of the underlying OS.

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis
          last edited by

          If you don't need OSPF for other things (like routing in a big internal VPN network) then you should be able to do this without Quagga OSPF. You will have a gateway for each OpenVPN connection. Both gateways happen to be routes to the same LAN subnet at the other end - that is fine. You can use policy routing firewall rules (like you are trying already) to feed whatever traffic you like into whichever gateway. With no Quagga OSPF, the "strange" route for 10.0.11.1 that pushes that traffic down the wrong pipe will not be there.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.