Netgate Discussion Forum
AWS Dynamic VPN with PFSense (routed mode)

Category: HA/CARP/VIPs (3 posts, 2 posters, 470 views)
vMario:

Hello,

I have set up dynamic VPNs along with FRR BGP on pfSense 2.4.4.3 using VTI interfaces (routed mode). The pfSenses are configured in HA (cluster mode). The tunnels work fine with the first node. When I try to simulate the failover by shutting down the first node, the tunnels don't bring themselves up automatically on the second node. Is there any option/way to fix it? I want to automate this process. Doing it manually on the second node works fine.

Cheers
Derelict (LAYER 8, Netgate):

What happens if you do a proper failover test by putting the primary in maintenance mode before you shut it down?

Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM)
vMario:

The failover itself works fine by entering maintenance mode, but the VPN tunnels don't want to come up. They should, and it works when the tunnels are terminated with other vendors. This situation occurs only with the AWS cloud. Moreover, pfSense should initiate the connection; AWS never brings the VPN tunnels up. When I use a policy-based VPN (with traffic initiated from behind the firewall) it works fine. Moreover, the same setup as I have now, with VTI interfaces and route-based VPNs, was configured on VyOS, which switches the tunnels over automatically in case of failover.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.