Multi-Wan OpenVPN routing broken

Started by wildcard418, May 08, 2019, 06:24:09 PM

Hello,
I am desperately trying to make OpenVPN work for me in my environment, but there is a very fundamental routing issue that I have discovered with 19.1.4. Let me explain:

I am doing a site-to-site OpenVPN connection.

------------------------------------------------

Firewall A has 3 WANs, all with static IPs.

Wan1: 173.219.186.XXX (set to default gateway)
Wan2: 65.182.94.XXX
Wan3: 206.166.210.XXX (OpenVPN Server listening on this interface)
Lan: 192.168.163.0/24

------------------------------------------------

Firewall B is very simple, 1 wan, 1 lan.

Wan1: 38.68.2.XXX (Same carrier as Wan3 above)
Lan: 192.168.1.0/24

------------------------------------------------

The problem is the OpenVPN connection gets established on Wan3 (Firewall A shows VPN is UP), but Firewall A returns traffic on whatever interface has the default gateway (Wan1 in my case).

Things to know:
1. If I set the default gateway on Firewall A to the same interface the OpenVPN server is listening on, everything works perfectly.
2. The system routing table looks correct (same as my other pfSense firewall setup, which is similar to this one).
3. I've toggled the following on and off, rebooting after each change, with no change in the behavior described:
  3a. Disable force gateway
  3b. Bypass firewall rules for traffic on the same interface
  3c. Use sticky connections

I am at a loss on how to fix this. Can anyone help me troubleshoot this?