Netgate Discussion Forum

    Dual WAN group not working with IPSEC VPN

    Routing and Multi WAN
    • tomsted

      I've been trying to get this working for months by searching online and the forum, but simply cannot get it to work.

      I have a main site with 2 satellite offices, each one has a primary and secondary WAN connection through different ISPs. Gateway groups are configured and the WAN fail-over works perfectly for internet access, but it will not reconnect the VPN from the secondary WAN connection.

      I saw a post that mentioned the VPN should be configured to use the LAN interface instead of the Gateway group, but that configuration caused both connections to go down when the primary was offline.

      I also recently found a post about configuring DynDNS, so both sites would know about both remote IP addresses. It was already configured with DynDNS, but only 1 IP, so I updated DynDNS on Wednesday morning to include both IPs at all locations. Tested the fail-over this morning and still had the same problem (internet comes back up on the secondary but the VPN will not connect). I verified that both pfSense devices were finding both IP addresses through DNS (diagnostics/DNS lookup).

      I ran across this post today, which seems to indicate that VPN fail-over is not possible through IPSEC. Is that correct?
      -https://forum.pfsense.org/index.php?topic=131558.0
      -Not IPSec, so I don't know if it fits your needs, but OpenVPN, here: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN

      The pfSense devices are running 2.3.3-release-P1 and 2.3.3-Release.

      Thank you and please let me know if there is more info I can provide.

      Troy

      • tomsted

        First, I'd like to ask if there is a problem with my account or if I somehow offended anyone?

        Both this post and my last one, although they have received a number of views, haven't received any replies and the icon to the left of my post has a smiley face on it.

        Just wondering if the question is that difficult or if it was something I did.

        If it's just that difficult a question, I have more to add.
        A couple days after configuring DynDNS, the main location experienced a power outage, and when the firewall came back up, it would not reestablish the VPN to one of the satellite offices. I tried manually starting the VPN and rebooting both devices (waited for about 90 minutes after reboot for the VPN to reconnect). I removed the DynDNS entry for the VPN target and it connected right up.

        • kapara

          If it is critical to get this working, I suggest you buy some support hours. Contact support to discuss first. For some things which were very complicated, this is what I have done.

          It has been more than a year, but I eventually gave up on this. I think using OpenVPN might be easier, but I'm not sure. I wish you luck with this!

          Skype ID:  Marinhd

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.