next »

[felipeortega]

Hello people,

I wish someone could tell me how to perform a FailOver of OpenVPN?
In my case I have two internet link in the matrix and in the case of my main link goes down, the subsidiary will try to close the VPN at my other link!
It is possible to realize with OpenVPN Site-to-Site 

[Nachtfalke]

For RoadWarrior on the client side there is this command:

Code:

remote-random
remote 192.168.10.1 1194
remote 192.168.10.2 1194

So the client tries one connection - if possible to connect it connects. If the line is down it tries the other IP.
Probably you have to enter this as a "custom command" on the client.

If your OpenVPN is running TCP as protocol there is no problem with multiwan but if it is running UDP you should do the following:

Change the listening interface of OpenVPN Server to your "LAN" interface or to "any".
Create a PortForwarding rule to your LAN interface on both of your WAN connections.
Create a firewall rule accordingly to the PortForward rule.
If you do not do this (with UDP) then there are problems because the traffic which comes in on WAN2 will go out WAN1 and so there is a mismatch.

[felipeortega]

Thanks for the response and attention
But I do not quite understand what you mean
How can I do this in pfSense
It would be possible a picture as example?

**Remembering that I'm using OpenVPN and I'm trying not to use IPsec

[heper]

try to bind the openvpn to the 'LAN' interface and go from there

or

setup multiple vpn's to same destination (1 from each WAN) then use a routing protocol like ospf to arrange the routing dynamically

[felipeortega]

Thanks for the help Herper

What you say and to be done in the firewall of my branch?

You would have a practical example of the configurations that you said?
Never set up OSPF now I'm lost 

[heper]

check this post for info on ospf

http://forum.pfsense.org/index.php/topic,37084.0.html