Site to Site VPN over multiple WAN with IPSec? How?
-
I know how to create a site to site VPN with multiple WANs between sites using OpenVPN. (Using the Quagga-OSPF addon).
I can't figure out how to accomplish the same thing with IPSec, instead of OpenVPN.
I tried the instructions at the URL below to set up Routed IPSec (VTI), thinking I could combine that with OSPF, but I can't get that IPSec tunnel to route. I think those instructions are missing some steps and those same instructions seem to be referenced in several places.
Does anyone have some working instructions for setting up multiple VPN links between sites, using IPSec and OSPF (or something similar for resiliency)?
Thanks!
-
https://www.youtube.com/watch?v=AKMZ9rNQx7Y
Dynamic routing starts at about minute 24.
-
I just watched that video, but it doesn't show an example of VPN connections over multiple WAN using OSPF or BGP or anything; it only shows a single VPN connection and routing over that.
Also, I forgot to paste the link to the instructions in my previous post. Here is that URL:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-routed.html
-
It will be the same as over OpenVPN or any two links.
-
I figured out why my setup wasn't working. I had created Firewall rules under IPSec that allowed specific networks to connect to other specific networks. Once I created wildcard rules (anyone can talk to anyone on this interface), the IPSec tunnels started talking to each other and I was able to get FRR configured. Quagga OSPF wasn't working for me so I tried FRR and it worked fine.
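
An added example, not from any post in this thread: a small Python model of pass-rule matching that shows why rules limited to LAN-to-LAN subnets drop OSPF hellos on a routed IPsec (VTI) tunnel, and a narrower rule set than any-to-any that still lets OSPF through. All addresses and rule sets are constructed, and it assumes the original rules matched only the LAN subnets.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:            # one pass rule on the IPsec tab (hypothetical model)
    proto: str         # "any", "tcp", "ospf" (IP protocol 89), ...
    src: str           # CIDR or "any"
    dst: str

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str

def _match(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def allowed(rules, pkt):
    """True if any pass rule matches; unmatched traffic is dropped (default deny)."""
    return any(r.proto in ("any", pkt.proto) and _match(pkt.src, r.src)
               and _match(pkt.dst, r.dst) for r in rules)

# Constructed addressing: LANs 10.1.0.0/24 (site A) and 10.2.0.0/24 (site B),
# one /30 VTI transit network per WAN link.
LAN_ONLY = [Rule("any", "10.2.0.0/24", "10.1.0.0/24")]
WILDCARD = [Rule("any", "any", "any")]
SCOPED = LAN_ONLY + [Rule("ospf", "10.99.1.0/30", "any"),
                     Rule("ospf", "10.99.2.0/30", "any")]

# Constructed packets arriving at site A over the tunnels.
PACKETS = {
    "ospf_hello_wan1": Packet("ospf", "10.99.1.2", "224.0.0.5"),
    "ospf_hello_wan2": Packet("ospf", "10.99.2.2", "224.0.0.5"),
    "lan_to_lan": Packet("tcp", "10.2.0.10", "10.1.0.20"),
    "unexpected_source": Packet("tcp", "192.168.50.5", "10.1.0.20"),
}

def evaluate(rules):
    """Return {packet name: passed?} for one rule set."""
    return {name: allowed(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("LAN only", LAN_ONLY), ("wildcard", WILDCARD),
                         ("scoped", SCOPED)):
        print(label, evaluate(rules))
```

OSPF hellos are sourced from the tunnel's transit address and sent to the multicast group 224.0.0.5, so neither end of the packet falls inside a LAN subnet; the scoped set passes them without also passing the unexpected source that the wildcard rule admits.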