OPNsense Forum

English Forums => General Discussion => Topic started by: naltalef on July 03, 2020, 03:04:42 am

Title: Assimetric routing and stateless rule. pf anchor
Post by: naltalef on July 03, 2020, 03:04:42 am: Hi.
I need to install a site-to-site OpenVPN tunnel between two sites that currently have a satellite link between them.
The default gateway in each site will be changed to the OPNSense box.

But, I'll need to have the satellite link as a backup if the VPN fails.

I could be constantly checking the VPN to see if it's up or not, and if it goes down, add a static route that goes through the satellite link router, but since they're in the same LAN, the returning traffic will not go to the OPNSense box, so a pf state is not going to be established.

I could set the rule up as stateless, but I don't like this idea only needed when the VPN goes down.

Is there some way to define a pf anchor? There's not a problem with not using the GUI for this.
If this is effectively possible, then the stateless rule would need to be loaded only if the VPN goes down. In the rest of the cases the normal rule would be used.

Any advice is much thanked for.

Regards
Norberto

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy