AWS Dynamic VPN with PFSense (routed mode)
-
Hello,
I have set up dynamic VPNs along with FRR BGP on pfSense 2.4.4.3 using VTI interfaces (routed mode). The pfSenses are configured in HA (cluster mode). The tunnels are working fine with the first node. When I try to simulate the failover by shutting down the first node, the tunnels don't come up automatically on the second node. Is there any option/way to fix it? I want to automate this process. Doing it manually on the second node works fine.
Cheers
-
What happens if you do a proper failover test by putting the primary in maintenance mode before you shut it down?
-
The failover itself works fine by entering maintenance mode, but the VPN tunnels don't want to come up. They should, and it works when the tunnels are terminated with other vendors. This situation occurs only with the AWS cloud. Moreover, the pfSense has to initiate the connection; AWS never brings the VPN tunnels up. When I use a policy-based VPN (with the traffic initiated from behind the firewall) it works fine. Moreover, the same setup as I have now (VTI interfaces, route-based VPNs) was configured on VyOS, which switches the tunnels over automatically in case of failover.