Asymmetric routing and stateless rule. pf anchor

Started by naltalef, July 03, 2020, 03:04:42 AM

Hi.
I need to install a site-to-site OpenVPN tunnel between two sites that currently have a satellite link between them.
The default gateway in each site will be changed to the OPNsense box.

But, I'll need to have the satellite link as a backup if the VPN fails.

I could be constantly checking the VPN to see if it's up or not, and if it goes down, add a static route that goes through the satellite link router, but since they're in the same LAN, the returning traffic will not go to the OPNsense box, so a pf state is not going to be established.

I could set the rule up as stateless, but I don't like this idea, since it is only needed when the VPN goes down.

Is there some way to define a pf anchor? There's not a problem with not using the GUI for this.
If this is effectively possible, then the stateless rule would need to be loaded only if the VPN goes down. In the rest of the cases the normal rule would be used.

Any advice is much appreciated.

Regards
Norberto