Netgate Discussion Forum

    Gateway Group, Routed VTI IPSEC tunnels and failover

    IPsec
      lc63

      Hello,

      I have two VPN tunnels, from the same network (AWS), to provide redundancy. The IPSEC connection (Routed VTI) on the pfSense side is functional for both tunnels.

      But for redundancy, I'd like to do automatic failover. I've defined a Gateway Group, bringing together the two IPSEC interfaces. I've specified this Gateway in my firewall rules. However, as soon as I remove the static route (defined for a single IPSEC interface, as I can't define two on the same network), the VPN network is no longer routed.

      Is it possible to do automatic failover with Gateway Group and Routed VTI IPSEC tunnels?

        lc63 @lc63

        @lc63
        The answer seems to be no. I have switched to Policy-based mode for tunnels, which allows failover automatically.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.