Or, if anyone else has a working config with:
- 2xWAN load-balance with one failover-only
- DNS forwarder with upstream traffic isolated to active WAN interface
- OpenVPN Server accepting connections on either WAN interface
- And ideally:
- curl --interface working properly, out either WAN interface
- ping working such that it only does out the active WAN interface, without specifying -I