Load-balancing outgoing OpenVPN traffic -- is it possible?

[tony124]

Hi,

I am new to OPNsense and I hope this is the right place to post my question:

I have an OPNsense instance with multi-wan and OpenVPN. I have followed the excellent docs at https://docs.opnsense.org/manual/how-tos/multiwan.html and things seem to work fine, except this issue: the outgoing traffic always goes through the default gateway, which is picked by OPNsense randomly (?) at boot time.

I have already added the gateway group to Firewall > Rules > openvpn iface as the gateway for traffic coming into openvpn iface. According to the docs it seems that it should work but probably I am still missing some steps. I wonder if you could give me a hint how to process further:

(1) Is load-balancing outgoing OpenVPN traffic supported by OPNsense (I think it is, just double checking)
(2) What I could do to debug the problem? I am familiar with linux cli but I am willing to learn freebsd commands if needed.

thanks in advance for any hint.

Edit: the relevant policy based routing part looks as follows (output from pfctl, with IPs slightly changed). Yes pppoe1 and pppoe2 have the same gateway, it's not a mistake.

Code Select Expand


pass in quick on openvpn route-to { (pppoe2 10.20.30.1), (pppoe1 10.20.30.1), (em1 123.123.123.123 } round-robin sticky-address inet from (openvpn:network) to any flags S/SA keep state label "8ba5d5e9091ff2cd49e87a66cc467e3b"