OpenVpn Client - Multiwan

[scimitar4444]

In the settings of the OpenVPN Client under interface, you can not select any gateway groups, but only physical interfaces. Version 17.1.X

[AdSchellevis]

a gateway isn't an interface.... you can listen on any interface or if I'm not mistaken listen on an interface group (different type of interface)

[fichtner]

interface groups are only an abstraction for the firewall rules

[scimitar4444]

Good. If so, why is there then at IPSEC? Or alternative with PFSense?
How is the automatic switching to another interface in a multiWAN environment in case of failure?
And above all else, how is a specific switching possible?
It is also a weighting (Tier Concept). This can not be achieved by firewall rules so?

[AdSchellevis]

just choose any if it may use any outbound gateway (no bind). if local may contain more addresses (in openvpn), we may consider changing the current option to a multiselect.
It could help if you dropped a config how you think it should look.

[scimitar4444]

Basically, you are right. Just how do I control the priority? In my example above, Tier 1 is a SDSL line and Tier 2 is a VDSL line at Gateway_Tunnel. The OpenVPN tunnel run always over the SDSL line. Only in the case of backup run the OpenVPN tunnel over the VDSL line. The "Normal" Internet traffic should be exactly the opposite. That always over VDSL and only in the event of failure via SDSL. This is the Gateway_Internet.

[AdSchellevis]

From openvpn's perspective you don't, the interface only drives the bind address, sending traffic is a gateway decision.
You might define a firewall rule for outbound traffic, steering it the right way using policy routing via the gateway group, shouldn't be that hard to try.
(It might be an idea to bind to an internal address and policy route from there).