Gateway grouping between P2P link and VPN

  • I have a unique scenario where I am trying to get pfSense to do failover between two links: a P2P fibre link and OpenVPN.

    Here is the scenario:

    Main Office:
    Two WAN internet links configured as fail-over with gateway grouping on pfsense. This office has Domain controller, file-server, antivirus server, etc.

    Branch office:
    It is connected to the main office through a direct point-to-point fibre link. The link is terminated on OPT interfaces on pfSense at both ends. The OPT interface is configured as the default gateway. Static routes exist at both ends and so far it's been working fine. (No NAT is configured on either interface.)

    As a fail-over, I configured a site-to-site OpenVPN between the internet leased lines of both offices. If I manually change the static route to the OVPN interface it works and carries all traffic.

    I configured a gateway group with the fibre link as tier 1 and OVPN as tier 2, removed all static routes at both ends, and cleared all states. When I disconnect the fibre link the failover doesn't work. I guess the main office firewall still tries to return the traffic over the fibre link since the state tables are not cleared.

    I guess it doesn't work in this way.

    Is it possible to run RIP or OSPF on both pfSense boxes and configure proper routing? I tried the Quagga OSPF package but couldn't get the hang of its complex configuration. Or is there a way to make it work without any routing protocols?

    Appreciate any help.
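    The routing-protocol approach the question asks about, written out as an added example (not from the original poster or from the pfSense project): a Quagga `ospfd.conf` for the main office that advertises the LAN over both paths and prefers the fibre link by OSPF cost, so the backup tunnel is used only while the fibre is down. All addresses, the router ID, the area, and the OS interface names (`em2` for the fibre OPT interface, `ovpns1` for the OpenVPN server instance) are assumed placeholders; substitute your own. The branch office needs a mirrored config with its own LAN network and router ID.

```text
! Main office ospfd.conf (added example; all values below are assumed placeholders)
hostname main-fw
password zebra
log syslog
!
! P2P fibre OPT interface: low cost so it is the preferred path
interface em2
 ip ospf cost 10
 ip ospf network point-to-point
!
! Site-to-site OpenVPN interface: high cost so it is only used as the backup path.
! Short hello/dead timers so a tunnel that stays "up" but stops passing traffic
! is detected quickly instead of waiting the default 40-second dead interval.
interface ovpns1
 ip ospf cost 100
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 8
!
router ospf
 ospf router-id 10.255.0.1
 ! Do not form adjacencies on the LAN, only advertise it
 passive-interface em1
 ! Fibre transit /30, OpenVPN tunnel /30, and the main office LAN, all in area 0
 network 10.255.0.0/30 area 0.0.0.0
 network 10.255.1.0/30 area 0.0.0.0
 network 192.168.10.0/24 area 0.0.0.0
```

    With this in place the static routes the poster mentions are removed at both ends, since OSPF installs the route to the remote LAN through whichever neighbour is reachable at the lowest total cost. OSPF (IP protocol 89, including the multicast 224.0.0.5 hello traffic) has to be allowed by the firewall rules on the fibre and OpenVPN interfaces at both sites or no adjacency will form, and because the failover now happens in the routing table rather than in a gateway group, each new connection after a fibre failure simply follows the tunnel route; connections whose states were created over the fibre still need to be reset, which is the same state-table issue described above.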

  • I have the same issue, did you manage to get it working?