OpenVPN Failover Peer to Peer
  • Hi @ all  ;D

    I have one question (perhaps I am thinking in the wrong direction…):

    As you can see in the attachment, I have at the moment two pfSense FWs which have a VPN (OpenVPN) to connect the networks 10.29.73.0/24 and 192.168.24.0/24.
    No problem at this point. It is working; I can communicate with all servers on both sides. The pfSense with IP 10.29.73.1 is the OpenVPN server (Peer to Peer / Tunnel Network 10.29.74.0/30) in this case and 192.168.24.253 is the client.
    But now I wish to have the client (192.168.24.253) connect to the second pfSense (10.29.73.2) if the first one (10.29.73.1) is unreachable.
    I have configured the second server as well with the same config as OpenVPN server, but with a different tunnel network (10.29.75.0/30).
    Now my problem:
    I have the first pfSense (10.29.73.1) as default GW in the network. If the tunnel is connected to this one... no problem.
    If (in any case) the WAN interface is not reachable, then the client will connect to the second one (this is working), but I can't set a static route (192.168.24.0/24 --> 10.29.73.2) because if the tunnel is connected to 10.29.73.1 this will not work. Is there any possibility to handle this?
    Perhaps NAT all tunnel traffic to the tunnel net. Then I could route 10.29.75.0/30 to 10.29.73.2 and 10.29.74.0/30 to 10.29.73.1.
    Any other solutions?

    Hopefully it is clear what I am trying to do   ???

    Forgot to say: pfSense is great :-)