4. Setup failover WAN, now some ipsec-destined traffic bypasses ipsec vpns?

Setup failover WAN, now some ipsec-destined traffic bypasses ipsec vpns?

  • T

    Hi all,

    I setup the gateway group with both my gateways, one tier1 and one tier2.

    I modified the fw rule on the LAN network to allow LAN traffic and added the gateway group as the gateway under advanced per the instructions I followed but then the traffic to one of the VPNs going to 10.254.254.10/32 started going out the WAN (tier1) gateway instead of following the ipsec vpn which has that IP scoped.

    I removed the gateway group under advanced and its working normally again.

    How do I get this working with WAN failover and the ipsec at the same time? did I do something wrong?

    Thanks!

    0
  • LAYER 8 Netgate

    When you add multi-wan, you add policy routing. You need to bypass policy routing for local destinations including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors.

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy