Setup failover WAN, now some ipsec-destined traffic bypasses ipsec vpns?

  • Hi all,

    I set up the gateway group with both my gateways, one tier1 and one tier2.

    I modified the fw rule on the LAN network to allow LAN traffic and added the gateway group as the gateway under advanced per the instructions I followed, but then the traffic to one of the VPNs going to started going out the WAN (tier1) gateway instead of following the IPsec VPN which has that IP scoped.

    I removed the gateway group under advanced and it's working normally again.

    How do I get this working with WAN failover and the IPsec at the same time? Did I do something wrong?


  • LAYER 8 Netgate

    When you add multi-wan, you add policy routing. You need to bypass policy routing for local destinations including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors.
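
A check for the situation described in the reply above, as an added example that is not part of the original thread and not pfSense code: it walks an ordered, first-match LAN rule list and reports every IPsec remote network that a rule with a gateway set would capture before a no-gateway bypass rule covers it. The rule dictionaries, addresses, descriptions and the gateway group name `WAN_FAILOVER` are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions): IPsec phase 2 remote networks and two
# versions of the LAN rule list, in the order the firewall evaluates them.
IPSEC_REMOTE_NETS = ["10.20.0.0/24", "10.30.0.0/24"]

BROKEN_RULES = [
    {"descr": "Default allow LAN", "dst": "0.0.0.0/0", "gateway": "WAN_FAILOVER"},
]
FIXED_RULES = [
    # No gateway set: matching traffic uses the routing table and IPsec selectors.
    {"descr": "Bypass policy routing for VPN", "dst": "10.0.0.0/8", "gateway": None},
    {"descr": "Default allow LAN", "dst": "0.0.0.0/0", "gateway": "WAN_FAILOVER"},
]


def leaked_selectors(rules, remote_nets):
    """Return (remote_net, rule_descr, gateway) for each IPsec remote network
    that a policy-routing rule matches before a bypass rule fully covers it."""
    findings = []
    for net_s in remote_nets:
        net = ipaddress.ip_network(net_s)
        for rule in rules:  # first match wins, so order matters
            dst = ipaddress.ip_network(rule["dst"])
            if not dst.overlaps(net):
                continue
            if rule["gateway"]:
                # Policy routing forces this traffic out the gateway (group),
                # so it never reaches the IPsec traffic selectors.
                findings.append((net_s, rule["descr"], rule["gateway"]))
                break
            if net.subnet_of(dst):
                break  # whole remote network is bypassed; nothing leaks
            # Bypass rule covers only part of the network: keep checking,
            # the uncovered part can still hit a later policy-routing rule.
    return findings


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, leaked_selectors(rules, IPSEC_REMOTE_NETS))
```
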
