Set up failover WAN, now some IPsec-destined traffic bypasses IPsec VPNs?



  • Hi all,

    I set up the gateway group with both my gateways, one tier 1 and one tier 2.

    I modified the firewall rule on the LAN network to allow LAN traffic and added the gateway group as the gateway under Advanced, per the instructions I followed, but then the traffic to one of the VPNs going to 10.254.254.10/32 started going out the WAN (tier 1) gateway instead of following the IPsec VPN which has that IP scoped.

    I removed the gateway group under Advanced and it's working normally again.

    How do I get this working with WAN failover and the IPsec at the same time? Did I do something wrong?

    Thanks!


  • LAYER 8 Netgate

    When you add multi-WAN, you add policy routing. You need to bypass policy routing for local destinations, including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors.

    https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
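
As an added illustration (not from either poster, and not pfSense's generated ruleset), here is a simplified pf.conf equivalent of the two LAN rules, showing why the gateway-group rule alone sends 10.254.254.10 out the WAN and how a bypass rule placed above it fixes that. Interface names, the LAN subnet and the gateway address are assumed.

```pf
# Constructed example. Assumed: LAN is igb1 (192.168.1.0/24), the tier 1 WAN
# gateway is 203.0.113.1 on igb0, and 10.254.254.10/32 is the remote IPsec
# phase 2 network. pf evaluates "quick" rules top down, first match wins.

# --- Before: only the policy-routed LAN rule (gateway group set under Advanced) ---
# route-to hands the packet straight to the WAN gateway, so the routing table
# and the IPsec traffic selector for 10.254.254.10/32 never get a look and the
# traffic leaves unencrypted on the tier 1 WAN.
pass in quick on igb1 route-to (igb0 203.0.113.1) inet \
    from 192.168.1.0/24 to any keep state

# --- After: bypass rule ABOVE the policy-routed rule, with no gateway set ---
# Traffic to the VPN destination matches here first and is passed without
# route-to, so normal routing and the IPsec selector handle it as before.
pass in quick on igb1 inet \
    from 192.168.1.0/24 to 10.254.254.10/32 keep state

# Everything else still follows the gateway group.
pass in quick on igb1 route-to (igb0 203.0.113.1) inet \
    from 192.168.1.0/24 to any keep state
```

In the pfSense GUI this is the same ordering: a pass rule for the VPN destination (and any other local or VPN networks) with the gateway left at default, placed above the LAN rule that has the gateway group selected.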

