Multi-WAN OpenVPN

From PFSenseDocs

This article is part of the HOWTO series.

OpenVPN can be used with any WAN, with some caveats when using UDP.

NOTE: This is only necessary when using UDP (the preferred protocol). If using TCP, you can connect without the below information.

Contents 1 OpenVPN Configuration 2 Duplicate OpenVPN Configuration 3 Editing the Duplicated Configuration 4 Configuring Clients 5 More than two WAN connections

OpenVPN Configuration

First, get OpenVPN working as you desire on your primary WAN interface. Once it is properly functioning, backup your configuration. Save a copy of this backup in case something goes wrong and you want to revert to your originally working setup.

Duplicate OpenVPN Configuration

Your OpenVPN configuration needs to be duplicated so you have one server running for each WAN IP. There are two options for duplicating your OpenVPN configuration. You can either edit the config file by hand, which I choose as it was easier for me, or manually copy each field into a newly created server configuration.

Editing the Duplicated Configuration

Edit each of the OpenVPN server configurations, and in the Custom Options box, type in 'local x.x.x.x', where x.x.x.x is the WAN IP of the connection you want it to use. For example, put:

local 10.16.80.18

where 10.16.80.18 is the WAN IP it will use. For WAN connections with dynamic IP addresses, you can use a DynDNS hostname as well, such as:

local openvpn.example.com

You will also need to choose a different address pool for each connection. Everything else remains the same.

Configuring Clients

This assumes the client is already configured for the connection on the primary WAN IP, and was tested to work with the primary WAN before starting this process of enabling it for multiple WAN interfaces.

On the Windows client, go into your config folder (default C:\Program Files\OpenVPN\config) and make a copy of your existing configuration file. Edit the copied file and change the "remote ..." line to the secondary WAN's IP or hostname. Rename both the configuration files as you desire, to indicate which WAN each will use.

More than two WAN connections

This guide explained how to make this work with two WAN connections, but you can repeat the same steps to add more WAN connections. You just need a server configuration for each WAN IP.