Openvpn on second wan or load balance



  • Hello, I have two openvpn on my dual wan pfsense, one server and one client. I am trying to put them on secondary wan or at least on load balance, but it is not working.
    I have read past forum posts that show some bug related to openvpn on second wan. I would like to ask you if someone has found a workaround.

    Thanks in advance for any reply.

    Mario



  • I think you would need a static route for this traffic to the remote openvpn-endpoint via the OPTWAN-gateway. This might work if the opposite end has a static IP but of course won't work if it's a roadwarrior.



  • I am sorry, I have not understood your reply. My main problem is that it seems that policy routing does not work with openvpn (client or server): packets can be received from the second wan, but packets sent from openvpn always go out from the first wan, which is wrong.



  • Policy-based routing or load balancing won't work for any traffic that is originating from the pfSense itself. It can only be applied to incoming traffic from an interface. That's why you need the static route to make the traffic on the pfSense leave through the OPTWAN.



  • Ok I have tried myself without luck: can you give me an example of this static route?

    Thanks in advance.



  • Let's say your remote vpn endpoint (the other end of the openvpn tunnel) has the ip x.x.x.x, then add a static route at system>static routes like:
    subnet x.x.x.x/32 gateway <optwan gateway ip>
    This of course won't work if the opposite end is a dynamic IP.



  • Hoba, what about the interface on the static route? Is that important? It's something that I never understood.

