IPsec failover - without dyndns



  • So I came across this post https://forum.netgate.com/topic/52963/ipsec-multi-wan-failover

    and it seems the only way to do multi-WAN failover is using dynamic DNS. I was hoping there was a different way to accomplish this.

    My current thought is to have my peer configure two tunnels on their end, one to each endpoint.
    Then configure two tunnels on my side, leaving the backup disabled.

    Then, in the event of a primary WAN failure, disable the primary tunnel and enable the secondary tunnel.

    I have done this in the past with an old Juniper SSG5 but I never attempted to automate the process.

    Has anyone attempted this on pfSense?

    Thank you!