OpenVPN MWan failover fallback [SOLVED]



  • I configured OpenVPN to listen on the internal LAN address. Forwarded my UDP ports from both WAN interfaces to the internal address.

    When my tier1 WAN1 fails, everything gets switched over to tier2 WAN2. The external OpenVPN client connects on WAN2 after the loss of the WAN1 tunnel; everything is fine.

    What I try (unsuccessfully) to achieve is the fallback to my tier1 WAN1 when it comes online again. In my configuration the OpenVPN connection stays on WAN2 forever (which is costly if you're on a 3G backup line).

    Any ideas?



  • If you want WAN1 to really be the primary WAN and WAN2 only for failover, then make a gateway group with WAN1=Tier1, WAN2=Tier2 and select the gateway group as the interface for the OpenVPN server
    (and remove the port forwards).
    Then pfSense will fail it over and back as required.



  • I tried this before. It didn't work as expected. Failover only occurred when I stopped and restarted the OpenVPN server…

    After lots of searching and fiddling I found some comments related to pfSense 2.1beta that the UDP switchover isn't working.

    So I did the NAT UDP forwarding to the internal LAN port where OpenVPN is listening. This works for failover, but not for fallback.



  • Apologies, I forgot that this is a bug in 2.1-RELEASE - it is fixed by this: https://github.com/pfsense/pfsense/commit/4bf23d320bc96eeabf2daf9024583f2cc5a6662a
    I applied this fix on my multi-WAN systems a long time ago, so I tend to forget it is not part of 2.1-RELEASE!



  • Thanks a lot, will try it.

    So with this fix I don't need the UDP forward hack?

    Simply bind the OpenVPN interface to my gateway group!?



  • Feedback: Works perfectly, thanks a lot!



  • @tomelgato:

    Feedback: Works perfectly, thanks a lot!

    Good to know it works for others - thanks for the feedback.