I'm using WireGuard VPN and multiple WANs.
Now, when there is a WAN failover everything works as expected. It's switching from the first WAN to the second and the VPN keeps working. The problem is when the first WAN comes back online.
It's switching back to the first WAN except that the VPN stays connected over the second WAN and won't switch back to the main WAN connection.
This causes the VPN to be slow (the second WAN is much slower) until someone restarts the VPN tunnel.
How can this be resolved?
Whilst I haven't used it for a while, I ended up hacking together a script that ran from cron every minute:
https://github.com/opnsense/core/issues/3516#issuecomment-620415211
Basically, if the default route is via the primary WAN and there is more than 1 state (gateway monitoring) on the secondary (4G in my case), kill all states to force it to reconnect.
Obviously you could also fairly easily modify it to restart the tunnel instead, or both...or not.
There is also the following, although I've not tested this:
- Firewall, Settings, Advanced, Dynamic state reset
...not sure if this works on failover/IP change
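The check described above, as an added example written for this thread rather than the script from the linked issue: the decision logic is split out so it can be run against captured text, and the interface names (igb0 primary, ue0 secondary), the one idle gateway-monitor state, and the cron invocation with a `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the linked issue. Assumed names: igb0 is the
# primary WAN, ue0 the secondary (4G) WAN; override via environment for your box.
PRIMARY_IF="${PRIMARY_IF:-igb0}"
SECONDARY_IF="${SECONDARY_IF:-ue0}"
# States expected on the secondary while idle: the gateway monitor (dpinger) ping.
IDLE_STATES=1

# Interface of the IPv4 default route, parsed from `route -n get default` output on stdin.
default_route_if() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Number of pf states involving the given address, parsed from `pfctl -ss` output on
# stdin. Lines look like: all udp 198.51.100.20:51820 -> 192.0.2.7:51820 MULTIPLE:MULTIPLE
# Matching "addr:" avoids 10.0.0.1 also matching 10.0.0.10.
count_states_for_addr() {
    awk -v a="$1:" 'index($0, a) > 0 { n++ } END { print n + 0 }'
}

# True (exit 0) when the default route is back on the primary WAN but the secondary
# WAN address still carries more states than the gateway monitor alone.
should_reset() {
    _route_out="$1" _states_out="$2" _secondary_ip="$3"
    _defif=$(printf '%s\n' "$_route_out" | default_route_if)
    [ "$_defif" = "$PRIMARY_IF" ] || return 1
    _n=$(printf '%s\n' "$_states_out" | count_states_for_addr "$_secondary_ip")
    [ "$_n" -gt "$IDLE_STATES" ]
}

# Live check for cron (assumed entry: `* * * * * /usr/local/sbin/wg-failback.sh run`).
main() {
    secondary_ip=$(ifconfig "$SECONDARY_IF" | awk '/inet / { print $2; exit }')
    [ -n "$secondary_ip" ] || exit 0          # secondary WAN is down; nothing to do
    if should_reset "$(route -n get default 2>/dev/null)" "$(pfctl -ss)" "$secondary_ip"; then
        logger -t wg-failback "default via $PRIMARY_IF but $SECONDARY_IF still has states; flushing"
        pfctl -F states                         # forces WireGuard to re-handshake via the primary
    fi
}

if [ "${1:-}" = "run" ]; then main; fi
```

Flushing all states also drops every other established session through the firewall, so this only suits links where that brief interruption is acceptable.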