Results 1 to 4 of 4
  1. #1
    Master Untangler
    Join Date
    Apr 2007
    Posts
    641

    Default OpenVPN Dual WAN Failover - Failback Problem

    We have 2 sites and at the primary site acting as the OpenVPN server it has 2 WAN connections. The client VPN configuration(generated at the server site) contains both IP addresses as "remote" connect strings. When the WAN1 interface goes down the VPN drops and re-establishes on WAN2(this is working great!). The problem comes when WAN1 returns to online it will not failback until some point in the future where WAN2 is then offline. Am I doing something wrong or is there a way to tell it to failback to WAN1 when it comes back online?

  2. #2
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    409

    Default

    That's how openvpn works.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,219

    Default

    The OpenVPN client determines where it connects. And it won't try another connection unless it's forcibly disconnected.

    So yes, failing back to WAN1 requires WAN2 to "fail" because that's disconnecting the client, to force it to move to the other IP address.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,196

    Default

    The OpenVPN client has no idea your primary connection has come back online. The openvpn server isn't going to tell it, because it listens on all interfaces (actual traffic limited to WAN interfaces by default Access Rule), so it doesn't consider either connection to be more "correct" than the other.

    If you want to forcibly disconnect existing connections and have them attempt re-connection to the primary, from the server side you could disable the WAN2 interface for a minute or from the client side you could disable then re-enable the OpenVPN client connection. Just be careful you don't lose admin access while you're doing it, or you'll feel really stupid.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2