OpenVPN Redundancy Between Sites

So I have two sites rocking pfSense which I want to connect with OpenVPN (each site has a single WAN). My options are:

  1. a Remote Access Server and client set up on each site
  2. a Peer to Peer server on one site and client on the other site

In each scenario above, if one side fails the connection goes down. What is the best approach to provide redundancy? My thoughts were going towards a gateway group somehow …

Hi Neogrid,

Have you seen this video?

~Sean

Thanks, that’s for WANs. This is for a home, not business, scenario, so adding a second WAN is too expensive, so to speak. I’m thinking there is a way to do this, but I’m getting stuck at how to route traffic to the same site, albeit on different ports.

I’m a little confused by the redundancy part of your question.

With that being said, I can tell you that setting up a peer-to-peer works well for me. If one side goes down, OpenVPN automatically reconnects when it comes up again.

The redundancy is for the actual “OpenVPN connection” between the sites. If that goes down I have to take some action, and that’s way too much effort 🙂

I have a paid-for VPN service which has three connections to their servers. If one server goes down, the traffic will flow to the next available connection, as I have set up a gateway group. I don’t need to do anything 🙂

My thinking was to achieve something similar between two sites with OpenVPN.

I have been using OpenVPN peer-to-peer between two residential sites for about 5 years. The only time I have had any issues is if the ISP connection fails, but, like I said, it automagically re-connects when it sees the connection is available again.

As for the OpenVPN service failing, you could set up Service Watchdog, which monitors other services that you tell it to and it will restart the service if it sees that it has failed.

I have found Service Watchdog handy for DNS and DHCP services as well.

Be sure to set up e-mail notifications so you know something was addressed by the watchdog service.

Thanks for the input. I have Zabbix running so I can monitor them, though I’m just thinking companies WILL have a redundancy solution that I might be able to adopt using pfSense.