Hello everyone,
Before actually posting my suggestion, let me give everyone a bit of context.
I’m working for a company using MT routers as OpenVPN clients installed in various customer locations. For redundancy we use a combination of main/3G link or, if we really don’t have wired internet, 3G/3G.
Over the main link we initiate an OpenVPN connection to a central pfSense firewall cluster. This part works extremely well (I was actually pleasantly surprised).
And now, my annoyance: if one tries to SSH to the box via the main link, all works as expected. If, for various reasons, someone wants to connect to the box via the backup link, by default, this is not working.
A quick and dirty workaround exists (documented here in the forum), but it involves doing some connection manipulation and adding routing marks. At the end of the day it is not a big issue, but personally I like to keep my configs as small and clean as possible.
In short, the request could be summarised as follows: if a connection is initiated to the box, the box should answer via the interface the request came from, not use the default outgoing interface from the routing table.
What do you guys think?
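One form of the mangle-based workaround mentioned above (connection marks plus a routing mark so the router's own replies leave via the link they arrived on), as an added example that is not from the original post; the interface name ppp-out1 for the 3G link and the RouterOS v6 route syntax are assumptions:

```routeros
# Added example, not from the original post. Assumed: ppp-out1 is the 3G backup link.
# 1) Tag connections to the router itself that arrive on the backup interface.
/ip firewall mangle
add chain=input in-interface=ppp-out1 connection-state=new \
    action=mark-connection new-connection-mark=via-backup passthrough=yes
# 2) Give the router's own replies to those connections a routing mark.
add chain=output connection-mark=via-backup \
    action=mark-routing new-routing-mark=to-backup passthrough=no
# 3) A default route in that routing table that points out of the backup link
#    (RouterOS v6 syntax; in v7 the mark must exist first under /routing table).
/ip route
add dst-address=0.0.0.0/0 gateway=ppp-out1 routing-mark=to-backup
```

Check it with /ip firewall connection print where connection-mark=via-backup while an SSH session is open over the backup link; an unmarked entry means step 1 did not match.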