Thanks for all advice. I recall attempting to add a static route to the openvpn server endpoint ip, but it still did not work for me. I read somewhere on the forums that internal services do not use the failover pools/ routes and this is why it does not work. Some suggested some command line hackery could get it to work, but we have too many of these things deployed in the field to be able to go and hack each one of them. Pity this does not work by default, as this would be a killer feature for us.
Chris, Will version 2 support this natively by any chance? On Wed, Mar 4, 2009 at 12:01 PM, Chris Buechler <[email protected]> wrote: > On Tue, Mar 3, 2009 at 6:57 PM, Mark Slatem <[email protected]> wrote: > > Hi all. > > > > I have about 50 Alix embedded firewalls running at branches. All the > > branches connect to a central pfsense at our data centre via an openvpn > > tunnel. This solution works absolutely beautifully and allows all the > > branches to be on one private network. The problem is some of the > branches > > are in locations where the ADSL links have intermittent connectivty > problems > > and can go down for extended periods. We have countered this by putting > down > > 3G routers at these branches and having a Dual Wan with load balancing > pools > > for failover. This works well and when one link goes down the traffic is > > routed via the other link. However this does not work for the openvpn > tunnel > > that refuses to establish down the secondary WAN link, I have tried and > > tried but can not get it to work. > > > > You have to add a static route to direct the traffic. Manual failover > works fine with appropriate routes. > > Automatic failover would require configuration of a routing protocol. > None of the existing supported ones are a good fit, though we'll > likely see OSPF support at some point in the not too distant future. > - Show quoted text - > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > >
