Dual wan with mobile ipsec fail
-
I added a second WAN (ATT) and changed the default gateway to the new ISP (ATT) and modified the rule for IPsec to use the SONIC gateway. Both WAN connections are up and active.
When the default is set to ATT, mobile IPsec fails.
When the default is set to SONIC it has no issues. The mobile client is set to use the SONIC connection.
IPsec is set to use SONIC as gateway instead of default.
No rules on LAN have been set to use anything other than default.
-
Really????
-
At the risk of necro'ing this, I wanted to mention I'm having the same issue on 2.2.2 with dual-WAN, cable and DSL.
If I manually add the temporary IP I have from my 4G provider to pfSense to a route pointing to the non-default gateway, I can connect the client successfully. Without that route, the client gets no response from the server.
It looks like requests are coming in on the secondary WAN connection, then attempting to return via the primary WAN connection that I have set up as default on pfSense.
I don't know where to set up the routing to tell pfSense that I want to route all mobile IPSec traffic regardless of origin back out through the secondary WAN connection. The initial connection can't be made, so I don't think any routing behind that is worth fiddling with yet.
Any ideas?
-
Mobile IPsec rules don't get added with reply-to, so it only works by default on the WAN where your default route resides. If you manually add UDP ports 500 and 4500 rule(s) on the other WAN, it'll add the reply-to, which will do the return routing correctly.