Netgate Discussion Forum

    OpenVPN MWan failover fallback [SOLVED]

    7 Posts 2 Posters 1.9k Views
      tomelgato

      I configured OpenVPN to listen on the internal LAN address. Forwarded my UDP ports from both WAN interfaces to the internal address.

      When my tier1 WAN1 fails, everything gets switched over to tier2 WAN2. External OpenVPN client connects after loss of the WAN1 tunnel on WAN2, everything is fine.

      What I am trying (unsuccessfully) to achieve is the fallback to my tier1 WAN1 when it comes online again. In my configuration the OpenVPN connection stays on WAN2 forever (which is costly if you're on a 3G backup line).

      Any ideas?

        phil.davis

        If you want WAN1 to really be the primary WAN and WAN2 only for failover, then make a gateway group with WAN1=Tier1, WAN2=Tier2 and select the gateway group as the interface for OpenVPN server.
        (and remove the port forwards)
        then pfSense will fail it over and back as required.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          tomelgato

          This I tried before. Didn't work as expected. Failover was just occurring when I stopped and restarted the OpenVPN server…

          After lots of searching and fiddling I found some comments related to pfSense 2.1beta that the UDP switchover isn't working.

          So I did the NAT UDP forwarding to the internal LAN port where OpenVPN is listening. This works for failover. But not for fallback.

            phil.davis

            Apologies, I forget that this is a bug in 2.1-RELEASE - it is fixed by this: https://github.com/pfsense/pfsense/commit/4bf23d320bc96eeabf2daf9024583f2cc5a6662a
            I applied this fix on my multi-WAN systems a long time ago, so I tend to forget it is not part of 2.1-RELEASE!

              tomelgato

              Thanks a lot, will try it.

              So with this fix I don't need the UDP forward hack?

              Simply bind the OpenVPN interface to my gateway group!?

                tomelgato

                Feedback: Works perfectly, thanks a lot!

                  phil.davis

                  @tomelgato:

                  Feedback: Works perfectly, thanks a lot!

                  Good to know it works for others - thanks for the feedback.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.