openvpn interface skipped in gateway group

Started by bma, February 14, 2025, 07:57:13 PM

Hi,

I'm trying to create a gateway group of multiple OpenVPN connections to route them via firewall rules for some subnets (IPv4 private). When selecting only a single VPN gateway it works; if I select the gateway group, it skips the VPN connections and tries to route via WAN.

This old thread from 2023 sounds familiar to this -> https://forum.opnsense.org/index.php?topic=37022.0
But a solution was never mentioned.

Is there something specific to do with OpenVPN interfaces in gateway groups?

Regards

After some further investigations

The VPN interface is ignored inside the gateway group. Maybe because of this note, even if dynamic gateway is not set, but for a VPN interface you can only select "None".
Quote: Currently it's not possible to use gateways without an address (Interface option "Dynamic gateway policy") inside a group. This is due to the fact that the firewall requires an address of the right family (IPv4 / IPv6) to be present on the interface, which can not be guaranteed based on its configuration at the moment.
https://docs.opnsense.org/manual/multiwan.html

As this works with OpenVPN and gateway groups in pfSense, it seems to be a bug in OPNsense.


The only workaround for this use case, where you want a routing with fallback via gateway group with multiple VPN connections, is slightly mentioned in this issue request.
https://github.com/opnsense/core/issues/8108

Activate "Skip rules when gateway is down" and make duplicates for every rule where you want a fallback gateway. It's a bit messy in the interface rules, but it works.