Dual WAN IPSec with load balance gateway group

  • To keep things short:

    • One pfSense cluster

    • Two Internet lines (2 WANs) - different providers

    • One load balance gateway group

    • Azure connection

    How can I set up the IPSec tunnels? Is it going to be one IPSec tunnel per provider public IP address? Do I have to configure BGP for this?

    Any help would be more than appreciated.


  • I assume some things here which may be wrong:

    • one pfSense cluster = HA group
    • Azure connection = your IPSEC goes to your Azure server/cluster

    We use a setup something like this one currently, just not connected to Azure but another third party. This has been used for a few years now with no issues. We only have one pfSense though, not an HA group on our side.

    For the interface, we use a two-tiered gateway failover group, and on the other side, there are two profiles set, one for each of our VPN IPs. I imagine a load balance group would work the same for IPSEC, just not prefer one over the other?

    By the time we replace our aging firewall with an HA failover group, we could use the CARP IPs in the failover group I guess? In reality, we'll likely go for BGP as well by then, but our IPSEC solution currently works fine without BGP.

    If I have misunderstood something, then please elaborate.