Hello Untanglers,
I've created a mock diagram and am wondering whether you think it would be feasible to fit into the product in the future. Mostly I'm just wondering if there is anything inherently different about Untangle's internal architecture that would not allow a solution like this to be fairly easily added.
My understanding is that multi-WAN VPN failover always breaks all sessions because of Untangle's state table having the WAN interface listed with the session, and therefore when the WAN is no longer available, all associated sessions break.
I understand this makes sense. However, I'm wondering if it would be feasible to add a virtual bridge interface and let it be the "WAN" interface listed in the sessions table. Then use routes (static or dynamic) to determine which VPN tunnel (next-hop route) to take to deliver the packets. By separating the session from the physical WAN interface or even the VPN tunnel, my thought is this may allow the sessions table to still contain valid interfaces all the while, even when WAN interface & VPN tunnel availability changes.
Here is a quick diagram I made:
[Attached image: Proposed solution for multi-wan VPN failover with session persistence.jpg]
I understand Untangle also has its existing internal virtual bridge network for the UVM/etc. But this potentially could make this type of solution even easier to implement, because you guys are already experts in that technology.
Anyway, I'm not asking this to be put into the solution. I believe there's a different place where we are supposed to submit feature requests. I'm just asking whether this solution would make sense and be feasible in the architecture of Untangle.
If so, then I will probably submit a feature request.
Thanks all!
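As an added illustration (not code from the original post or from Untangle itself), the following small Python model contrasts the two ways the state table described above could record a session's egress: bound to the physical VPN tunnel, or bound to a virtual WAN bridge with the tunnel resolved from the route list at forwarding time. The interface names tun0/tun1/vwan0 and the sample flow tuple are assumptions.

```python
# Added illustration, not Untangle code: a toy session table that binds each
# flow to an egress interface, comparing "bind to the physical VPN tunnel"
# with "bind to a virtual WAN bridge and resolve the tunnel per packet".
from dataclasses import dataclass, field

@dataclass
class Session:
    key: tuple            # constructed stand-in for the flow's 5-tuple
    egress: str           # interface recorded in the state table

@dataclass
class Router:
    tunnels: dict = field(default_factory=dict)   # tunnel name -> up (True/False)
    routes: list = field(default_factory=list)    # ordered next-hop candidates
    sessions: dict = field(default_factory=dict)  # state table, keyed by flow

    def next_hop(self):
        """First tunnel in the route list that is currently up, or None."""
        return next((t for t in self.routes if self.tunnels.get(t)), None)

    def open_session(self, key, virtual_wan=None):
        # Physical model: the state table stores the tunnel itself.
        # Virtual model: it stores the bridge; the tunnel is chosen when forwarding.
        egress = virtual_wan or self.next_hop()
        if egress is None:
            return None
        self.sessions[key] = Session(key, egress)
        return self.sessions[key]

    def tunnel_down(self, name):
        self.tunnels[name] = False
        # Mirror the behaviour the post describes: sessions bound to an
        # interface that is no longer available are dropped from the table.
        for k in [k for k, s in self.sessions.items() if s.egress == name]:
            del self.sessions[k]

    def forward(self, key):
        """Return the tunnel a packet for this session would leave on, or None."""
        s = self.sessions.get(key)
        if s is None:
            return None
        if s.egress in self.tunnels:      # bound to a physical tunnel
            return s.egress if self.tunnels[s.egress] else None
        return self.next_hop()            # bound to the virtual bridge: re-resolve

def simulate(virtual_wan=None):
    """Open one flow, fail the primary tunnel, report egress before and after."""
    r = Router(tunnels={"tun0": True, "tun1": True}, routes=["tun0", "tun1"])
    key = ("10.0.0.5", "192.0.2.10", 443)   # constructed sample flow
    r.open_session(key, virtual_wan)
    before = r.forward(key)
    r.tunnel_down("tun0")
    return before, r.forward(key)
```

With `simulate()` the session vanishes when tun0 drops, while `simulate("vwan0")` keeps the same session entry and simply forwards via tun1.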