Netgate Discussion Forum

    Multiple WAN issue with IPSec VTI + FRR

    shellingfox

      Hi,

      I have a pfSense box set up with 1 LAN (172.16.4.0/24) and 2 WANs.

      I have used 1 WAN to set up 2 IPsec connections to AWS VPN, configured as VTI. BGP is set up using FRR, and all is working fine:

      [screenshot: VPN > IPsec > Tunnels]

      [screenshot: Services > FRR > Status > BGP]

      And the ping to the AWS IP is working from the pfSense box:
      [screenshot: Diagnostics > Ping]

      Also working from my computer:
      [screenshot: terminal (zsh) ping output]

      The problem came after I updated the Firewall Rules for LAN from Default to the MultipleWAN Gateway. I can only ping from the pfSense box to AWS, but the dynamic routing doesn't apply to other computers inside the LAN.

      How do I get the benefit of VTI and the MultipleWAN Gateway working together? I can set up P2 rules and get it working, but it's hard to maintain, and since I use the VPN from Transit Gateway, with more and more accounts added into the TGW, it's very hard to add P2 rules.

      Thanks,

      bruor

        In case anyone stumbles across this. The solution is to create a rule on the LAN interface that uses the "default" gateway for packets headed toward subnets that live on the other side of the VTI tunnels. This new rule needs to be higher in the list than the rule that you create which redirects incoming packets to a gateway group.

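        The ordering bruor describes, written out as an illustrative pf.conf fragment. This is an added example, not pfSense's generated ruleset or anything posted in the thread; interface names, WAN gateway addresses and the remote prefix are constructed placeholders. pfSense turns a LAN rule that selects a gateway group into a pf `route-to` rule, while a rule left on the default gateway has no `route-to` and so defers to the kernel routing table, which is where FRR installs the BGP-learned routes pointing at the VTI interfaces.

```pf
# Constructed example; not pfSense's generated rules.
lan_if  = "igb1"
lan_net = "172.16.4.0/24"           # LAN from the original post
wan1_if = "igb0"
wan2_if = "igb2"
wan1_gw = "203.0.113.1"             # placeholder WAN1 gateway
wan2_gw = "198.51.100.1"            # placeholder WAN2 gateway

# Prefixes reachable over the IPsec VTI tunnels (placeholder value).
# In practice this is the remote side's address space, e.g. a summary
# of what the Transit Gateway advertises via BGP.
table <vti_nets> { 10.0.0.0/8 }

# 1. Must be evaluated first ("quick" stops at the first match): traffic
#    for the far side of the tunnels is passed with NO route-to, so the
#    kernel routing table (FRR's BGP routes via the ipsec VTI interfaces)
#    picks the next hop. If rule 2 came first, it would match instead
#    and force these packets out a WAN gateway, which is the symptom
#    in the original post.
pass in quick on $lan_if inet from $lan_net to <vti_nets> keep state

# 2. Policy routing for everything else: the equivalent of a LAN rule
#    that selects the multi-WAN gateway group.
pass in quick on $lan_if inet from $lan_net to any \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    keep state
```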
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.