    OpenVPN windows client vpn "Failover"?

    OpenVPN · 10 Posts · 4 Posters · 1.5k Views

    AKFI

      Hello everybody,

      Actually I'm looking for a new firewall and testing pfSense.

      I have got 2 WAN connections using Gateway Groups.

      OpenVPN is listening on a LAN interface. Ports were forwarded to LAN 1194 UDP.

      That works great.

      VPN is established as Roadwarrior. But what will happen if the following occurs?

      WAN1 <- VPN <- Laptop
      WAN2 <- Internet connected.

      WAN1 goes down, VPN goes down, only WAN2 is available.

      Now I want the client to change the destination address for the VPN connection to connect automatically to WAN2.

      Is that possible? Has someone tried it before?

      Greez

      dotdash

        Try forwarding the port from the second WAN and using the 'auto magic multi-wan' option when you do the client export.

        phil.davis
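The multi-WAN client export dotdash refers to works by putting one `remote` line per WAN into the .ovpn, primary first; the Windows client walks that list and moves to the next entry when a connection attempt fails. As an added example (not from this thread and not pfSense's exporter code), this Python builds such a config from two placeholder WAN addresses and classifies an existing .ovpn by the kind of failover it can do, including the single-fixed-IP case AKFI ran into; the addresses and function names are assumptions.

```python
"""Build and check OpenVPN client configs for a dual-WAN pfSense server (added example)."""
import re
from typing import List, Tuple

Remote = Tuple[str, int, str]  # (host, port, proto)

# Constructed placeholder public addresses (RFC 5737 documentation ranges).
WAN1_PUBLIC = "203.0.113.10"
WAN2_PUBLIC = "198.51.100.20"

# Matches 'remote <host> [port] [proto]' but not 'remote-random' or 'remote-cert-tls'.
REMOTE_RE = re.compile(r"^\s*remote\s+(\S+)(?:\s+(\d+))?(?:\s+(\S+))?\s*$", re.M)


def build_multiwan_ovpn(remotes: List[Remote], dev: str = "tun") -> str:
    """Emit client directives with one 'remote' line per WAN, in tier order.
    OpenVPN tries the remotes sequentially, so the primary WAN comes first."""
    lines = ["client", f"dev {dev}", "resolv-retry infinite", "nobind",
             "persist-key", "persist-tun"]
    for host, port, proto in remotes:
        lines.append(f"remote {host} {port} {proto}")
    return "\n".join(lines) + "\n"


def parse_remotes(config: str) -> List[Remote]:
    """Return every 'remote' target, defaulting port/proto the way OpenVPN does."""
    return [(host, int(port) if port else 1194, (proto or "udp").lower())
            for host, port, proto in REMOTE_RE.findall(config)]


def is_ip_literal(host: str) -> bool:
    """True for an IPv4 dotted quad or an IPv6 literal, False for a DNS name."""
    return bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)) or ":" in host


def failover_mode(config: str) -> str:
    """Classify how (or whether) a client config can reach a second WAN:
    'multi-remote' = several remote lines (multi-WAN export),
    'dns-name'     = one name whose address can move (e.g. DynDNS on a gateway group),
    'single-ip'    = one fixed address, no failover,
    'no-remote'    = nothing to connect to."""
    remotes = parse_remotes(config)
    if not remotes:
        return "no-remote"
    if len(remotes) > 1:
        return "multi-remote"
    return "single-ip" if is_ip_literal(remotes[0][0]) else "dns-name"
```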

          I do (require) failover, so I use DynDNS. I make a name in my DynDNS account with a format like:
          remote-office-company.dyndns-ip.com

          A "real" example might be:
          remote-sydney-bigcorp.dyndns-ip.com

          (Using a format like that helps me make a unique name for each [office/connection point] that has not been used by someone else on DynDNS already.)

          Make a Gateway Group called RoadWarrior that has the primary WAN Tier1 and secondary WAN Tier 2.
          Add an entry in Services->Dynamic DNS to make that name update itself based on the RoadWarrior Gateway Group.
          Then select that DynDNS in "Host Name Resolution" when doing client export.

          The client will use remote-office-company.dyndns-ip.com when it tries to connect, and that should translate to the current public IP for reaching the OpenVPN server.

          [Image: DynDNS-Road-Warrior.png]

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          AKFI

            Hey guys,

            thanks for the answer!

            I already used auto magic... but in the .ovpn file there is no IP inside.

            That means the client doesn't know where to connect to.

            I already added two port forwards, one for each WAN connection.

            See my config. OpenVPN listens on "LAN" for OpenVPN connections.

            [Image: Portforward.JPG]
            [Image: Wangroups.JPG]

            AKFI

              @phil.davis

              If I understand this correctly:

              I have two DynDNS client names. Now which one do I have to insert into the .ovpn file? Or do both have to be in there?

              Do you have an example file? Maybe yours, with the DNS names changed in the example?

              I have a static IP for each connection. Normally I don't need a DynDNS service.

              Maybe there is a round-robin possibility in the Windows client.

              I'll try the following: add two lines to hosts.

              For example:

              10.0.0.1  akfi.de
              10.0.0.2  akfi.de

              Edit .ovpn and insert akfi.de.

              Maybe that works... let's try.

              phil.davis

                I edited my post to clarify - I was giving the naming format that I use, then an example.
                Just use 1 DNS name. The IP address for it will switch between the public IPs when the gateway group status changes (when the primary WAN fails or recovers).

                Then choose that name for "Host Name Resolution" when making Client Export packages.

                Derelict LAYER 8 Netgate

                  It would be nice to be able to set defaults for client export in a particular VPN instance. I understand this pretty much means incorporating client export into pfSense instead of it being a package, but it sure would be nice.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  AKFI

                    @phil.davis

                    Thanks a lot. That would be a great possibility.

                    For tests I used the hosts file.

                    It seems to work in first tests (Windows 7 32bit Pro).

                    Insert

                    192.168.0.1 akfi.de
                    192.168.0.2 akfi.de

                    into the hosts file.

                    ping akfi.de

                    answer 192.168.0.1

                    Now disconnect device .0.1

                    ping akfi.de

                    answer 192.168.0.2

                    It works using ping.

                    On other mobile devices DynDNS might be the better way.

                    Thanks a lot!!!

                    phil.davis

                      Yes, out on the public internet, if you do not already have your own public domain name infrastructure, then you will need to use some 3rd-party service.

                      phil.davis

                        @Derelict:

                        It would be nice to be able to set defaults for client export in a particular VPN instance. I understand this pretty much means incorporating client export into pfSense instead of it being a package, but it sure would be nice.

                        I raised a feature on Redmine a while ago: https://redmine.pfsense.org/issues/3478

                        There is nothing to stop the OpenVPN Client Export package from being able to save some default settings. I thought about doing it but have not got around to it. I want 2.2 to happen more than I want this ;)
