Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Openvpn on second wan or load balance

    Scheduled Pinned Locked Moved Routing and Multi WAN
    7 Posts 3 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mgiammarco
      last edited by

      Hello, I have two openvpn on my dual wan pfsense, one server and one client. I am trying to put them on secondary wan or at least on load balance, but it is not working.
      I have read past forum posts that shows some bug related to openvpn on second wan. I would like to ask you if someone has found a workaround.

      Thanks in advance for any reply.

      Mario

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        I think you would need a static route for this traffic to the remote openvpn-endpoint via the OPTWAN-gateway. This might work if the opposite end has a static IP but of course won't work if it's a roadwarrior.

        1 Reply Last reply Reply Quote 0
        • M
          mgiammarco
          last edited by

          I am sorry I have not understood your reply. My main problem is that it seems that police routing does not work with openvpn (client or server): so packet can be received from second wan, but packet sent from openvpn go out always from first wan which is wrong.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            Policybased routing or loadbalancing won't work for any traffic that is originating from the pfSense itself. It only can be applied to incoming traffic from an interface. That's why you need the static route to make the traffc on the pfSense leave through the OPTWAN.

            1 Reply Last reply Reply Quote 0
            • M
              mgiammarco
              last edited by

              Ok I have tried myself without luck: can you give me an example of this static route?

              Thanks in advance.

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                let's say your remote vpn endpoint (the other end of the openvpn tunnel) has the ip x.x.x.x then add a static route at system>static routes like:
                subnet x.x.x.x/32 gateway <optwan gateway="" ip="">This of course won't work if the opposite end is a dynamic IP.</optwan>

                1 Reply Last reply Reply Quote 0
                • S
                  sai
                  last edited by

                  Hoba, what about the interface on the static route? is that important? its something that I never understood.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.