Fallback to Secondary OpenVPN Connection Using mwan3

My current setup involves an OpenVPN TAP connection and a WiFi network. The WiFi network has its own dedicated network interface. I have bridged the TAP interface to the WiFi interface. Currently, if a device connects to the WiFi network, it's as if it connected to the same network as the OpenVPN TAP host.

I am attempting to add a failover to my setup. So, if my main TAP interface is not available for some reason, I'd like traffic to be routed through a secondary OpenVPN instance. (I have already created this secondary instance, which is TUN in this case).

I attempted to use the mwan3 package to implement this fallback. As far as I can tell, I've done this process correctly for both of the OpenVPN interfaces, as the Load Balancing status page shows the two VPN interfaces correctly.

However, I can't find a way to access the... output(?) of mwan3? Is there a way to perhaps have the mwan3 route to a single downstream interface (that I could bridge to the WiFi network), and mwan3 handles the upstream switching between the two OpenVPN profiles?

I may be trying to go about this the wrong way. Any suggestions welcome :)

Any reason you need the OpenVPN bridged to WiFi?

Yeah, so I'm using OpenWRT in a sort of travel router scenario. I have the TAP interface bridged to WiFi so that connecting to the WiFi is essentially the same as connecting to my home network.

Simple solution: don't bridge the networks and use mwan (and forward or masquerade traffic on the OpenVPN server side), or use a crontab script (check if the interface is active/a connection can be established; if not, check the second OpenVPN; if it works, change the bridge configuration).

Would you be able to provide some more details on the steps involved in doing this?

Describe/confirm your setup:

  1. router (openwrt?), openvpn servers on same machine?
  2. travel router (openwrt) that is used to tunnel devices over openvpn to your home router?