Hail folks, I have a pfSense server with 4 different internet connections. I’ve set OpenVPN to listen on all interfaces and it is working gorgeously. I would like to receive connections on the more available link. Today I set it manually on the client (Link 1, Link 2, Link 3, Link 4), and the client tests which connection is more available and fast and stays there… The question is: does anyone here use a smart way to do that? I spent some hours thinking of a way to use SNMP to test the links and send the client side the best link to connect to, but I guess there is already a better way to do it; in the same way we have load balancing on the gateway for outgoing connections, we should have it for incoming connections.
What I’ve set up for my paid-for VPN connections might work in your scenario as a starting point.
Set up a gateway group under System > Routing > Gateway Groups, add your interfaces (actually mine displays the OpenVPN interfaces too), and set the trigger level to “Packet Loss or High Latency”; then the fastest connection will be selected.
Then in your rules add your new gateway group to the gateway for WAN traffic.
This works for outgoing traffic, but with OpenVPN clients you probably need to add the gateway group, though I’m not sure how the client will know which connection to choose (perhaps there are some parameters you can add to the OpenVPN client, though I do not know which). If you have a Site to Site VPN on the client side then it will work.
I’d be curious if you get your setup to work and how you did it.
Hey bro, thanks for your response, but it will not work the way I’m looking for: the client side can’t decide the best link to connect to, because your proposed steps will handle outgoing traffic only. But THX a lot for your support and good intentions… Anyway, I will continue to look for a way to do that, and if I discover one… OFC I will share it with you guys. Cya.
Just an idea … from the client, issue the command ping -c 3 <server ip address> to each server, and you have results for the latency; then you’d pick the connection manually. There might be a way to do this in the custom options for the certificate somehow …
Yeahhh! It should work better, because it is based on the client side. Ty, but I’m sure that I will find a way to do a sort of automation… and as I’ve promised, I will share it with the community here. Thx again for the ideas and support.
I don’t recall seeing anything built in to OpenVPN to do what you want, so (as I think you already realised) you will need to roll your own system for picking the “best” connection to come in on.
Yep, I noticed. The question was… whether someone has already done something like that before. Thx Gare
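The client-side ping idea suggested above can be automated; the following is an added example, not code from any poster in this thread. It parses the summary that ping -c 3 prints for each WAN address, ranks the links by packet loss and then average latency, and emits OpenVPN remote lines in that order. Assumptions: the four addresses are constructed placeholders, the ping summaries are constructed samples in Linux iputils format, the server listens on 1194/udp, and each WAN address answers ICMP.

```python
import re

# Constructed sample: the summary lines `ping -c 3` (Linux iputils) prints,
# one capture per WAN address. Addresses are documentation-range placeholders.
SAMPLE_PING_OUTPUT = {
    "198.51.100.10": "3 packets transmitted, 3 received, 0% packet loss, time 2003ms\n"
                     "rtt min/avg/max/mdev = 18.1/19.4/21.0/1.2 ms\n",
    "198.51.100.20": "3 packets transmitted, 3 received, 0% packet loss, time 2002ms\n"
                     "rtt min/avg/max/mdev = 9.8/10.6/11.9/0.9 ms\n",
    "203.0.113.30":  "3 packets transmitted, 2 received, 33% packet loss, time 2010ms\n"
                     "rtt min/avg/max/mdev = 7.0/7.4/7.8/0.4 ms\n",
    "203.0.113.40":  "3 packets transmitted, 0 received, 100% packet loss, time 2040ms\n",
}

LOSS_RE = re.compile(r"(\d+(?:\.\d+)?)% packet loss")
RTT_RE = re.compile(r"= [\d.]+/([\d.]+)/")  # second field of min/avg/max/mdev

def parse_ping(text):
    """Return (loss_percent, avg_rtt_ms); avg is None when no reply came back."""
    loss = LOSS_RE.search(text)
    rtt = RTT_RE.search(text)
    if not loss:
        return 100.0, None  # unparseable output is treated as a dead link
    return float(loss.group(1)), (float(rtt.group(1)) if rtt else None)

def rank_links(outputs):
    """Order usable links: lowest packet loss first, then lowest average RTT."""
    scored = []
    for ip, text in outputs.items():
        loss, avg = parse_ping(text)
        if avg is not None and loss < 100.0:  # drop links that never answered
            scored.append((loss, avg, ip))
    return [ip for _, _, ip in sorted(scored)]

def remote_lines(outputs, port=1194, proto="udp"):
    """Emit OpenVPN `remote` directives; the client tries them in listed order."""
    return [f"remote {ip} {port} {proto}" for ip in rank_links(outputs)]

if __name__ == "__main__":
    print("\n".join(remote_lines(SAMPLE_PING_OUTPUT)))
```

In real use the dictionary would be filled from live ping runs before each connection attempt and the resulting lines written into the client configuration. The ranking reflects ICMP reachability only, not the state of the OpenVPN listener on each link.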