Bug #8283

closed

multi-wan gateway group with openvpn clients

Added by Jon James over 6 years ago. Updated over 4 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 01/15/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Prereqs:
1) Need at least 3+ VPN providers
2) at least one of the VPN providers needs to use the TLS private key configuration within openvpn client configuration
3) at least one of the VPN providers does not use the TLS private key configuration within openvpn client configuration
4) each VPN provider, you must have at least 2 openvpn client connections to their service
5) each openvpn client will have its own interface. The only change from default on the interface is bogon is checked
6) Create a VPN gateway group (trigger is high latency or packet loss)
- WAN iface - never
- VPN A iface 1 - tier 1
- VPN A iface 2 - tier 1
- VPN B iface 1 - tier 2
- VPN B iface 2 - tier 2
- VPN C iface 1 - tier 3
- VPN C iface 2 - tier 3
7) configure outbound NAT for each openvpn client interface
8) via lan rule, route internal client traffic out from LAN to VPN gateway group

VPN detail:
VPN A - is the provider that does not have TLS key
VPN B - has TLS key
VPN C - has TLS key

Configuration is now set up to show the issue. What I am finding is that even though per documentation of the tier configurations, VPN A will not get any traffic load balanced to it in this configuration. The gateway group instead routes all internal traffic through VPN B (which has the TLS key and is defined as tier 2). Some odd issue with openvpn client configurations and the gateway group that have a mix of TLS key and not.

Actions #1

Updated by Jim Pingle over 4 years ago

  • Category set to OpenVPN
  • Status changed from New to Rejected

I don't see how that could possibly be related to the presence of a TLS key. It sounds like maybe it's breaking because your VPN instances have the same gateway on multiple interfaces, which isn't supported. There isn't enough information to say for sure, though.

If you are still having problems, please post on the Netgate Forum to discuss the issue and find out more about what is happening, and then create a new report including more relevant details and specifics about the configuration.

See Reporting Issues with pfSense Software for more information.
