Dual WAN IPSec with BGP
-
Hello all, I have the following setup and I would like to know how best to configure my pfsense devices.
Site A
Dual WAN pfsense - Provider X & Provider Y
Site B
Dual WAN pfsense - Provider X & Provider Y
Two IPSec tunnels between site A and site B
IPSec 1: Site A Provider X with Site B Provider X
IPSec 2: Site A Provider Y with Site B Provider Y
Both IPSec tunnels are Routed IPSec and for both of them I am using BGP (I configured two BGP neighbors on each side).
My problem is that every time I configure the second IPSec and configure the BGP neighbor, I lose connectivity.
Am I doing something wrong in the configuration? What I want to achieve is to have BGP take care of any line failure and send the traffic to the other IPSec when one IPSec is down. So basically I need it for failover.
Thank you in advance.
-
@christ I am looking for a good solution to that use case as well. Any progress on your side?
-
@metisit Still no progress as I am facing some other issues here.
Honestly, I am starting to think about reverting to normal static IPSec, but the fact that I won't have to step in in the middle of a "crisis" and can let BGP do its job keeps my faith in this configuration.
As soon as I solve the other issue that I have, I will give it a shot.
According to Netgate support, what I mentioned at the beginning is totally reasonable and can happen.
I'll keep you posted.
Chris