Multiple WAN issue with IPSec VTI + FRR



  • Hi,

    I have a pfSense box set up with 1 LAN (172.16.4.0/24) and 2 WANs.

    I have used 1 WAN to set up 2 IPsec connections to AWS VPN, configured as VTI. BGP is set up using FRR, and all is working fine:

    [screenshot: VPN > IPsec > Tunnels]

    [screenshot: Services > FRR > Status > BGP]

    And the ping to the AWS IP is working from the pfSense box:
    [screenshot: Diagnostics > Ping]

    It is also working from my computer:
    [screenshot: ping from iMac terminal]

    The problem came after I updated the Firewall Rules for LAN from Default to the Multi-WAN Gateway. I can only ping from the pfSense box to AWS, but the dynamic routing doesn't apply to other computers inside the LAN.

    How do I get the benefit of VTI and the Multi-WAN Gateway working together? I can set up P2 rules and get it working, but that is hard to maintain, and since I use the VPN from a Transit Gateway, with more and more accounts added into the TGW, it is very hard to keep adding P2 rules.

    Thanks,
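The behaviour described in the post comes from how pfSense implements a gateway (or gateway group) on a firewall rule: it generates a pf `route-to` rule, and `route-to` sends the matching packet out the named gateway without consulting the kernel routing table, so BGP routes learned over the VTI are never used for LAN traffic. The following pf fragment is an added illustration, not configuration from the post or from pfSense's generated ruleset. The interface names, gateway addresses and the AWS prefix are placeholders; only the LAN network comes from the post.

```pf
# Added example, not from the forum post. Interface names (igb0/igb1/igb2),
# gateway addresses and the AWS prefix are constructed placeholders.
lan_if   = "igb2"
lan_net  = "172.16.4.0/24"        # LAN network from the post
aws_nets = "{ 10.100.0.0/16 }"    # assumed: prefixes learned from AWS via BGP/FRR

# BEFORE: one policy-routed LAN rule. route-to forces every matching packet out
# a WAN gateway, so the routing-table entry for aws_nets via the IPsec VTI is
# never consulted and LAN hosts cannot reach AWS even though pfSense itself can.
pass in quick on $lan_if inet from $lan_net to any \
    route-to { (igb0 203.0.113.1), (igb1 198.51.100.1) } round-robin

# AFTER: a plain pass rule with no route-to, placed ABOVE the gateway rule.
# pf evaluates "quick" rules first-match, so traffic to AWS prefixes follows the
# kernel routing table (the BGP routes over VTI) while everything else still
# gets multi-WAN load balancing.
pass in quick on $lan_if inet from $lan_net to $aws_nets
pass in quick on $lan_if inet from $lan_net to any \
    route-to { (igb0 203.0.113.1), (igb1 198.51.100.1) } round-robin
```

In the pfSense GUI the first rule corresponds to a LAN pass rule whose destination is an alias of the AWS prefixes and whose Gateway is left at "default", ordered above the Multi-WAN gateway-group rule. To confirm the ordering is in effect, compare Diagnostics > Routes (the BGP-learned VTI routes) with the generated rules in /tmp/rules.debug: the AWS rule must appear without a `route-to` clause and before the round-robin rule.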

