openvpn with wan failover

[spark5]

hi, i have a strange problem.

we have 2 wan links with gateway group and failover only, no load balancing.

our vpn client config has 2 remote server. one from the 2 wan links.
the vpn server must listen on any interface.

the client should connect the first ip. if this wan link goes down, the gateway will failover (it does).
after that the client should connect two the second ip, from the second wan link.

up to this, everything is working fine.

but, if the first link came back, the vpn traffic stays always on the second wan link.
if i reconnect the vpn client, the connection comes through the first wan link, but is answered via the second wan link.
the default route points to the first.
if i restart the openvpn server, everything is working again.

i had this setup tested, before upgrading to 20.1. this was working.
i dont know, what is happen.

from point of routing, the traffic should always run to the default gateway.

does someone have an idea?

thanks a lot and kind regards,
ronny

[spark5]

nobody an idea?

should these packets not routed via default gateway?
what is bsd doing other here?

thanks

[choffmeister]

Can you send me screenshots of your WAN Failover configuration ?

[spark5]

hi, sorry for beeing so late

we find an solution and setup two openvpn server with the same ca.
the problem is not the wan failover. the problem comes from openvpn. the answered packages has the wrong src ip.
so, we cant use listen on any here.

kind regards,
ronny