OpenVPN not working with dual WAN

  • Hi everybody,

    I need your help. Currently I have two systems with pfSense, one at home and one in a small office. At home OpenVPN is working perfectly. I can connect, ping all systems in the LAN network and can browse the internet with the new IP.

    At the office my OpenVPN is only half working:

    • I can connect to the pfsense via OpenVPN (via and
    • all traffic is routed over this secure connection ( shows the ip of office)
    • I can ping the pfsense with the LAN-IP


    • If I do a speedtest at It shows me an upload speed of zero.
    • I cannot ping or connect to other systems in the LAN environment
    • I cannot access some webpages like our plesk system (some are working like - but most not)
    • FTP is not working

    I already know that the problem has to be related to our second WAN line. If I disable the second WAN everything is working correctly. But why?

    Here is my setting:

    1. Network:
    • LAN network: 192.168.5.x/24
    • OpenVPN subnet: 10.0.8.x/24
    • WAN1: fixed line with fixed IP address. Over this line I connect with OpenVPN
    • WAN2: PPPoE DSL with changing IP.


    • Connection over Port ##### with User + Auth and SSL/TLS
    • Protocol: udp, Device mode: tun, Interface: WAN1


    • OpenVPN: IPv4, Source *, Port *, Destination *, Port *, Gateway: WAN1, Queue: none
    • WAN1: IPv4, Source *, Port *, Destination: WAN1 address, Port *, Gateway: *, Queue: none

    I already tried to change the interface in the OpenVPN server from WAN1 to localhost (like described in this article: but with no success.

    Can you help me how I can debug the situation? I can see no blocked packets in the logs.
    The command "route" on my Linux client shows me the following:

    Ziel            Router          Genmask        Flags Metric Ref    Use Iface
    default      UG    0      0        0 tun0
    default        UG    0      0        0 wlan0
    UGH  0      0        0 tun0
    *     UH    0      0        0 tun0
    UGH  0      0        0 wlan0
    UG    0      0        0 tun0
    *      U    9      0        0 wlan0
    UG    0      0        0 tun0

    Is that correct?
    Thank you very much for your help.
    Best regards

  • I guess you are using policy-routing rules on your LAN, to direct traffic to WAN1 and WAN2 according to your failover and load-balancing needs.
    In that case, you need to have a rule on LAN that matches source LANnet, destination OpenVPN tunnel subnet (, gateway none. That will allow the traffic returning from LAN to the OpenVPN client to be passed normally to the routing table, which knows how to route it across the OpenVPN tunnel to the client.
    Without that, the traffic can be forced out WAN1 or WAN2 by a policy-routing rule, and of course never reaches the OpenVPN client.

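The rule ordering described in the reply above, as an added example that is not part of the original thread: a simplified first-match model of the LAN rules showing where traffic from a LAN host to a VPN client leaves the firewall. The subnets are the ones given in the question; the names `WAN_BALANCE`, `WAN1_GW` and `ovpns1` and the host addresses are assumptions, and state tracking is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model: subnets are from the thread, everything else is assumed.
LAN = ipaddress.ip_network("192.168.5.0/24")
VPN = ipaddress.ip_network("10.0.8.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    descr: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: Optional[str] = None  # None = "gateway none": use the routing table

# Simplified routing table of the firewall: the tunnel subnet sits behind ovpns1.
ROUTES = [(VPN, "ovpns1"), (LAN, "lan"), (ANY, "WAN1_GW")]

def route_lookup(dst):
    """Longest-prefix match in the simplified routing table."""
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(rules, src, dst):
    """Return (matching rule, exit path); rules are evaluated top-down, first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src in r.src and dst in r.dst:
            # A rule with a gateway overrides the routing table (policy routing).
            return r.descr, r.gateway or route_lookup(dst)
    return "default deny", None

policy = Rule("LAN -> any via gateway group", LAN, ANY, gateway="WAN_BALANCE")
bypass = Rule("LAN -> OpenVPN subnet, gateway none", LAN, VPN)

def reaches_tunnel(rules, lan_host="192.168.5.20", vpn_client="10.0.8.6"):
    """True if traffic from the LAN host to the VPN client exits via the tunnel."""
    return egress(rules, lan_host, vpn_client)[1] == "ovpns1"

if __name__ == "__main__":
    cases = [("policy rule only", [policy]),
             ("bypass below policy rule", [policy, bypass]),
             ("bypass above policy rule", [bypass, policy])]
    for name, rules in cases:
        rule, path = egress(rules, "192.168.5.20", "10.0.8.6")
        print(f"{name:26} matched={rule!r} exit={path} ok={reaches_tunnel(rules)}")
```

The middle case is the one to check for when debugging: a bypass rule placed below the policy-routing rule is never reached.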