OPNsense Forum

English Forums => General Discussion => Topic started by: spark5 on August 25, 2020, 09:03:46 am

Title: openvpn with wan failover
Post by: spark5 on August 25, 2020, 09:03:46 am
hi, i have a strange problem.

we have 2 wan links with gateway group and failover only, no load balancing.

our vpn client config has 2 remote servers. one from each of the 2 wan links.
the vpn server must listen on any interface.

the client should connect to the first ip. if this wan link goes down, the gateway will failover (it does).
after that the client should connect to the second ip, from the second wan link.

up to this, everything is working fine.

but, if the first link comes back, the vpn traffic always stays on the second wan link.
if i reconnect the vpn client, the connection comes through the first wan link, but is answered via the second wan link.
the default route points to the first.
if i restart the openvpn server, everything is working again.

i had this setup tested before upgrading to 20.1. this was working.
i don't know what is happening.

from a routing point of view, the traffic should always run to the default gateway.

does someone have an idea?

thanks a lot and kind regards,
ronny
Title: Re: openvpn with wan failover
Post by: spark5 on August 25, 2020, 02:22:44 pm
nobody has an idea?

should these packets not be routed via the default gateway?
what is bsd doing differently here?

thanks
Title: Re: openvpn with wan failover
Post by: choffmeister on September 19, 2020, 03:15:54 pm
Can you send me screenshots of your WAN Failover configuration?
Title: Re: openvpn with wan failover
Post by: spark5 on January 12, 2021, 05:17:12 pm
hi, sorry for being so late

we found a solution and set up two openvpn servers with the same ca.
the problem is not the wan failover. the problem comes from openvpn. the answered packets have the wrong src ip.
so, we can't use listen on any here.

kind regards,
ronny
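
The fix described in the last post (two OpenVPN servers sharing one CA, each bound to a single WAN address instead of listening on any), written out as raw OpenVPN directives. This is an added example, not the poster's configuration; the addresses (documentation ranges), file names, port and tunnel networks are assumptions.

```conf
# --- server-wan1.conf (hypothetical file name): instance bound to WAN1 ---
# Constructed WAN1 address. Binding with "local" replaces "listen on any",
# so replies leave with the same source IP the client contacted.
local 198.51.100.10
port 1194
proto udp
dev tun
# Same CA in both instances, so one client certificate works on either.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Assumed tunnel network; it must differ between the two instances.
server 10.8.1.0 255.255.255.0

# --- server-wan2.conf (hypothetical file name): instance bound to WAN2 ---
# Constructed WAN2 address.
local 203.0.113.10
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.2.0 255.255.255.0

# --- client.ovpn (hypothetical file name) ---
client
dev tun
proto udp
# Remotes are tried in the order listed: WAN1 first, WAN2 as fallback.
remote 198.51.100.10 1194
remote 203.0.113.10 1194
nobind
# Only accept a peer whose certificate is marked for server use.
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
```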