Hi,

> > > we tried to use OpenVPN Server on two-nic (both are internet-connected)
> > > server.
> > > udp packets always go out on default gateway, even if they came from
> > > another nic.

> In the meantime, I thought about using --float on the clients. This should
> work.

I ran into the same situation and tried to work around the problem by using the "local" configuration option in order to force the OpenVPN process to bind on each outgoing interface instead of the default wildcard bind. This way, OpenVPN UDP packets are replied to on the interface they came from. Unfortunately, for two outgoing interfaces this means having two separate OpenVPN instances running. If your requirement is just high availability rather than load balancing, combining the mentioned setup with heartbeat works just fine.

However, I was not able to SNAT outgoing connections to their respective interface address by using iproute/iptables and connection marks. But the trick of using a dummy interface and binding OpenVPN to it, like Till Maas suggested, looks promising.

regards,
Robert
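The wildcard-bind versus "local" behaviour described in the message above can be reproduced on one host; this is an added example, not code from the thread or from OpenVPN. It assumes a Linux loopback where all of 127.0.0.0/8 is local, and the addresses and function names are constructed: 127.0.0.2 stands in for the server's non-default interface address.

```python
import socket

CLIENT_IP = "127.0.0.1"   # constructed: stands in for the remote VPN client
SERVICE_IP = "127.0.0.2"  # constructed: stands in for the server's second NIC address


def reply_source(bind_addr):
    """Do one UDP request/reply against a server socket bound to bind_addr.

    The client always sends to SERVICE_IP. The return value is the source
    address of the reply as the client sees it.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
        port = server.getsockname()[1]
        client.bind((CLIENT_IP, 0))
        client.sendto(b"ping", (SERVICE_IP, port))
        _, peer = server.recvfrom(64)
        # With a wildcard bind the kernel picks the reply's source address
        # from the route back to the peer, not from the address that was hit.
        server.sendto(b"pong", peer)
        _, src = client.recvfrom(64)
        return src[0]
    finally:
        server.close()
        client.close()


def accepted_without_float(bind_addr):
    """A client that pins its peer address only accepts replies from SERVICE_IP."""
    return reply_source(bind_addr) == SERVICE_IP


if __name__ == "__main__":
    for addr in ("0.0.0.0", SERVICE_IP):
        print(f"server bound to {addr}: reply came from {reply_source(addr)}, "
              f"accepted without --float: {accepted_without_float(addr)}")
```

Binding to one address means one socket per address, which matches the two separate instances mentioned in the message.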
