Pfsense + OpenVPN + LAGG

  • Hello,

    Something of a re-hash of previous topics, I'm afraid.

    I am simulating two WAN connections, and creating two OpenVPN tunnels across these from a branchoffice-type location to a headoffice-type location.  I have managed to get the LAGG going, round-robin style, and am reasonably pleased with myself.  I haven't done any real performance testing, so I can't comment on overheads and such.

    The link is pretty tolerant-ish of failure. When I pull the cable on WAN1, the throughput drops to around 50% and experiences some pretty horrible packet-loss, but is just about usable.  More importantly, it recovers nicely when the link is restored.

    The problem arises at initial startup or when one side of the circuit needs to reboot.  It seems the bond doesn't detect whether the OpenVPN taps are up yet, tries to bring up the bond, fails and goes to sulk in the corner.  In order to get the bond up, I have to go into the LAGG config page in the webgui, and save the config, which causes the bond to try again and succeed now that the taps have had time to come up.

    My question is whether it would be possible to have pfsense check whether the LAGG member interfaces are actually up before it tries to bring the bond up and, if they're not established, to hold off for 15 seconds or so before trying again?

    Please and thank you.
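
The check-then-retry behaviour asked about above, sketched as a shell script for the FreeBSD base that pfSense runs on. This is an added example, not part of the original post and not pfSense's own code. The names `tap0`, `tap1` and `lagg0`, the retry count, and treating the `UP` and `RUNNING` flags as "ready" are assumptions.

```shell
#!/bin/sh
# Added example: hold off building the LAGG until every member interface is up.
# Interface names, retry count and the UP+RUNNING readiness test are assumptions.
IFCONFIG="${IFCONFIG:-ifconfig}"   # overridable so the logic can be exercised offline
SLEEP="${SLEEP:-sleep}"

# iface_ready NAME: succeed only if NAME exists and its flags include UP and RUNNING.
iface_ready() {
    out=$($IFCONFIG "$1" 2>/dev/null) || return 1   # interface missing: not ready
    flags=$(printf '%s\n' "$out" | sed -n '1s/.*<\(.*\)>.*/\1/p')
    case ",$flags," in *,UP,*) ;; *) return 1 ;; esac
    case ",$flags," in *,RUNNING,*) ;; *) return 1 ;; esac
    return 0
}

# wait_for_members TRIES INTERVAL NAME...: poll until all members are ready.
wait_for_members() {
    tries=$1; interval=$2; shift 2
    attempt=1
    while [ "$attempt" -le "$tries" ]; do
        pending=""
        for m in "$@"; do
            iface_ready "$m" || pending="$pending $m"
        done
        [ -z "$pending" ] && return 0
        echo "attempt $attempt/$tries: waiting for$pending" >&2
        # No point sleeping after the final attempt.
        if [ "$attempt" -lt "$tries" ]; then $SLEEP "$interval"; fi
        attempt=$((attempt + 1))
    done
    return 1
}

# bring_up_lagg LAGG PROTO NAME...: attach members only once all are ready.
bring_up_lagg() {
    lagg=$1; proto=$2; shift 2
    wait_for_members "${TRIES:-8}" "${INTERVAL:-15}" "$@" || return 1
    # Turn "tap0 tap1" into "laggport tap0 laggport tap1" for ifconfig.
    set -- $(for m in "$@"; do printf 'laggport %s ' "$m"; done)
    $IFCONFIG "$lagg" laggproto "$proto" "$@" up
}

# Example call: bring_up_lagg lagg0 roundrobin tap0 tap1
```

Changes made this way are not written to the pfSense configuration, so the webgui will not know about them.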
