pfSense with two WANs (Both Tier1) with OpenVPN

Hi everyone,
I have enjoyed watching Tom’s videos for quite some time now and really respect his reviews.

I have a bit of a dilemma.

I was able to secure a second static IP Internet feed from AT&T to augment my Comcast for Business Fixed IP, original Internet feed.

The Firewall is a pfSense 2.6.0-RELEASE with two Wan interfaces and one Lan Interface.

I had originally set up an OpenVPN server that is using Wan1 as its gateway, and all the current users connect to that Wan1 interface at this time.

The Firewall is now set up to Loadbalance/Failover on both WANs using a Gateway Group.

I would like to have some redundancy so that our remote users are able to connect to this office on our multihomed pfSense router/firewall,
connecting with either Wan interface in cases where one ISP or the other goes down for whatever upstream issue or another.

Option 1. Set up a 2nd OpenVPN server on the same pfSense router, using the new Wan2 as the gateway and exporting an ovpn file for each of the remote users as a 2nd VPN connection for contingency.

OR

Option 2. Reconfigure the current OpenVPN server to be aware of the new second WAN connection and re-issue new ovpn configuration files to all the remote users that would automatically test for available Wan1 or Wan2 interfaces to connect to our Lan.

What do you think, and does anybody have any advice on which option is best?

Thank you for reading this.

Clients may be configured to use the second WAN by adding a second remote statement to their configuration; that is the way I would go. It’s documented on their site.
https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html

3 Likes
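Added example, not part of the original posts or the Netgate documentation: a small Python helper that patches an already exported client `.ovpn` file with a second `remote` line, so existing users do not need a full re-export. The function name, the sample profile and the documentation-range addresses are assumptions made for illustration; the `connect-timeout` line is an optional extra that makes the client move on to the next `remote` sooner.

```python
import re

INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$", re.I)  # e.g. <ca>, <cert>, <key>

# Constructed sample profile (addresses are from documentation ranges).
SAMPLE = """\
client
dev tun
remote 198.51.100.10 1194 udp
resolv-retry infinite
<ca>
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
</ca>
"""

def add_failover_remote(ovpn_text, host, port, proto="udp", timeout=10):
    """Insert `remote host port proto` after the last existing remote line.

    Inline blocks (<ca>, <key>, ...) are skipped so embedded key material is
    never touched. Profiles using <connection> blocks are not handled.
    """
    lines = ovpn_text.splitlines()
    inside = None          # name of the inline block currently open
    last_remote = None     # index of the last top-level remote directive
    has_timeout = False
    for i, line in enumerate(lines):
        s = line.strip()
        if inside:
            if s.lower() == f"</{inside}>":
                inside = None
            continue
        m = INLINE_OPEN.match(s)
        if m:
            inside = m.group(1).lower()
            continue
        words = s.split()
        if not words or s[0] in "#;":      # blank line or comment
            continue
        if words[0] == "remote":
            if words[1:3] == [host, str(port)]:
                return ovpn_text           # already patched, stay idempotent
            last_remote = i
        elif words[0] in ("connect-timeout", "server-poll-timeout"):
            has_timeout = True
    if last_remote is None:
        raise ValueError("no top-level remote directive found")
    extra = [f"remote {host} {port} {proto}"]
    if not has_timeout:
        extra.append(f"connect-timeout {timeout}")
    lines[last_remote + 1:last_remote + 1] = extra
    return "\n".join(lines) + "\n"
```

The client tries `remote` entries in the order listed, so the first line stays the preferred WAN.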

Thank you Tom, I appreciate your response on this.

1 Like

I would say the same as Tom said.
Also, you could experiment with DNS load balancing. Add the 2 WAN IPs on the host name and configure the DNS server to serve each one in round robin.