Using Gateway Groups with GRE tunnels
-
Hi
I have pfSense at the Main Office with only one WAN interface (one ISP) and a Mikrotik with two ISPs (dual WAN) at the branch office. I want to set up some kind of site-to-site connection between the Main Office and the branch with simple failover. I'm kind of new to pfSense and have mostly used Mikrotik-Mikrotik combinations for such purposes before. With Mikrotik I simply used two ip-ip tunnels with IPSec between the routers and two static routes with different metrics (distance) on each side. This scheme works fine without using any additional routing protocols (such as OSPF, BGP etc.): when one ip-ip tunnel goes down, the route via the second one becomes active, and switching takes a few seconds.
I didn't find any simpler way than GRE tunnels to connect pfSense with Mikrotik. I've successfully set up two GRE tunnels (with IPSec, of course) between my pfSense and each ISP at the branch office on the Mikrotik. The tunnels are working, and I can route traffic between the remote LANs via them using static routes. But this works with only one tunnel at a time. I cannot add two static routes to one destination with different metrics (like on Mikrotik). I guess that the Gateway Groups functionality can help me here, but I didn't understand how I should use it in my case. As I understood, Gateway Groups can be used only in firewall rules. I tried to create a Gateway Group from the two GRE tunnels and add simple permissive firewall rules to the LAN interface, something like:
Source - pfSense LAN subnet
Destination - Mikrotik LAN subnet
Gateway - Gateway Group of two GRE tunnels
On the GRE interfaces there are also permissive firewall rules for everything.
And nothing happened. I can't ping or tracert to the Mikrotik LAN from a machine in the pfSense LAN; it gets stuck at the 1st hop on the pfSense local IP, as if there's no route to there. In the system routing table on pfSense I also can't see any routes to the Mikrotik LAN.
How should I properly set up Gateway Groups for my case?
Or is it a fundamentally wrong idea that will not work? In that case, I don't understand what Gateway Groups are used for.
I don't want to use something like OSPF and so on.
Thanks.