Dual WAN group not working with IPSEC VPN



  • I've been trying to get this working for months by searching online and the forum, but simply cannot get it to work.

    I have a main site with 2 satellite offices, each one has a primary and secondary WAN connection through different ISPs. Gateway groups are configured and the WAN fail-over works perfectly for internet access, but it will not reconnect the VPN from the secondary WAN connection.

    I saw a post that mentioned the VPN should be configured to use the LAN interface instead of the Gateway group, but that configuration caused both connections to go down when the primary was offline.

    I also recently found a post about configuring DynDNS, so both sites would know about both remote IP addresses. It was already configured with DynDNS, but only 1 IP, so I updated DynDNS on Wednesday morning to include both IPs at all locations. Tested the fail-over this morning and still had the same problem (internet comes back up on the secondary but the VPN will not connect). I verified that both pfSense devices were finding both IP addresses through DNS (diagnostics/DNS lookup).

    I ran across this post today, which seems to indicate that VPN fail-over is not possible through IPSEC, is that correct?
    -https://forum.pfsense.org/index.php?topic=131558.0
    -Not IPSec, so I don't know if it fits your needs, but OpenVPN, here: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN

    The pfSense devices are running 2.3.3-release-P1 and 2.3.3-Release.

    Thank you and please let me know if there is more info I can provide.

    Troy



  • First, I'd like to ask if there is a problem with my account or if I somehow offended anyone?

    Both this post and my last one, although they have received a number of views, haven't received any replies and the icon to the left of my post has a smiley face on it.

    Just wondering if the question is that difficult or if it was something I did.

    If it's just that difficult a question, I have more to add.
    A couple days after configuring DynDNS, the main location experienced a power outage and when the firewall came back up, it would not reestablish the VPN to one of the satellite offices. I tried manually starting the VPN and rebooting both devices (waited for about 90 minutes after reboot for the VPN to reconnect), I removed the DynDNS entry for the VPN target and it connected right up.



  • If it is critical to get this working I suggest you buy some support hours.  Contact support to discuss first.  For done things which were very complicated this is what I have done.

    It is been more than a year but I eventually gave up on this.  I think using openvpn might be easier but not sure.  I wish you luck with this!


Log in to reply