OpenVPN server on failover mwan3 setup

I have an OpenWRT router with two uplinks:

  • WANa: fast internet connection over LTE -> no public IP
  • WANb: slow internet connection over xDSL -> public IP on the modem, whereas OpenWRT is behind a NAT and port forwarding (udp/1194) is set up.

I have a failover setup working which prefers WANa as this is the faster connection.

I would like to have the router accessible via OpenVPN from the WAN side -> as only WANb has a public IP address, I am trying to connect to the public IP of WANb. I can see OpenVPN packets coming in through WANb and the router replying to them on WANa as this is the default preferred WAN interface (policy wana_wanb). -> this is with just having the "default_rule_v4" active

I tried creating a rule with "src port 1194" that should go via WANb, but then I don't see any OpenVPN packets being sent out from the router, neither on WANa nor on WANb. Whereas the log shows:
MWAN3(vpn)IN= OUT=eth2 SRC= DST=clientip LEN=94 TOS=0x00 PREC=0x00 TTL=64 ID=47503 PROTO=UDP SPT=1194 DPT=36336 LEN=74

How can I make this work? Is my thinking with the vpn rule wrong?


The option you are looking for is sticky, if I remember correctly.