IPSec and gateway groups



  • Hello,

    I understand that pfSense has no support for automatically dropping and reconnecting an IPSec tunnel configured on a gateway group if the current gateway reaches the Trigger Level for the set type. I.e. if I have an IPSec tunnel over a gateway group with GW_A (Tier 1) and GW_B (Tier 2) with Trigger Level set to high latency, IPSec will keep using GW_A even if the high latency event is triggered.

    While we wait for Netgate (assuming they'll ever fix this), I want to implement the functionality in a cron script, since clients keep calling me to say that the Internet works but they have trouble connecting to their SaaS provider. The idea is to extract the gateway group information, "manually" check in the script whether something's wrong with any of the gateways, and if that's the case, move those gateways to a low tier while moving the good ones up.
    I know this sucks, but it sucks less than broken connectivity. :)
    Can anyone help me with extracting and rewriting configuration? Is there any documentation for that?

    Thanks!
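The re-tiering step described in the post, as an added example that is not part of the original post and not pfSense code: it reads a gateway group from an XML fragment, moves gateways reported unhealthy below the healthy ones, and returns the rewritten XML. The element names, the `NAME|tier|vip` item layout, the group name `IPSEC_GROUP` and the helper names are assumptions; the health check itself, writing the result back to the firewall and reloading IPSec are left to the caller.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element names and the "NAME|tier|vip" item layout
# are assumptions about the gateway group section, not taken from the post.
SAMPLE = """<gateways>
  <gateway_group>
    <name>IPSEC_GROUP</name>
    <item>GW_A|1|address</item>
    <item>GW_B|2|address</item>
    <trigger>downlatency</trigger>
  </gateway_group>
</gateways>"""

def parse_group(group):
    """Return [(name, tier, vip), ...] for one gateway_group element."""
    members = []
    for item in group.findall("item"):
        name, tier, vip = item.text.strip().split("|", 2)
        members.append((name, int(tier), vip))
    return members

def retier(members, unhealthy):
    """Renumber tiers so healthy gateways come first and unhealthy ones
    follow. Gateways sharing a tier keep sharing one. The input is returned
    unchanged when nothing is unhealthy or nothing is healthy, so a total
    outage does not reshuffle the group. Tier numbers are not capped."""
    good = [m for m in members if m[0] not in unhealthy]
    bad = [m for m in members if m[0] in unhealthy]
    if not good or not bad:
        return list(members)
    def dense(ms, start):
        ranks = {t: i for i, t in enumerate(sorted({m[1] for m in ms}), start)}
        return [(n, ranks[t], v) for n, t, v in ms]
    top = dense(good, 1)
    rest = dense(bad, max(t for _, t, _ in top) + 1)
    by_name = {m[0]: m for m in top + rest}
    return [by_name[m[0]] for m in members]  # keep the original item order

def apply_retier(xml_text, group_name, unhealthy):
    """Rewrite the items of one named group and return the new XML text."""
    root = ET.fromstring(xml_text)
    for group in root.findall("gateway_group"):
        if group.findtext("name") != group_name:
            continue
        new = retier(parse_group(group), unhealthy)
        for item, (name, tier, vip) in zip(group.findall("item"), new):
            item.text = f"{name}|{tier}|{vip}"
    return ET.tostring(root, encoding="unicode")
```

Running the same call again once the gateway recovers, with an empty `unhealthy` set, leaves the tiers as they are, so the script has to remember the original tiers if it should restore them.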