Netgate Discussion Forum
    Routing with failover IPSEC VTI - IPVPN

    Routing and Multi WAN
    1 Posts 1 Posters 255 Views
      bbiketa

      Hello,
      I'm not new to pfSense, but I am new to this community. I have a problem with configuring multiple-GW failover with an MPLS VPN and an IPsec VPN. So now I need to configure failover with 2 ISPs. One ISP provides ONLY an IPVPN (directly routed) tunnel from the user to the datacenter - not internet, just IPVPN. The user has a secondary ISP which also provides internet, and if the IPVPN tunnel breaks I need to fail it over automatically to IPsec. Public addresses are fixed.
      Do I have to make 3 gateway groups (one for load balancing, one for ISP1_fails-IPSEC_use and one for IPSEC_fails-ISP1_use)?
      There is just one local (LAN) network in the datacenter, 172.25.0.0/24 (ISP1 has a GW there for the IPVPN), and at the remote location there are multiple networks, four in total: 192.168.50.0/24, 192.168.51.0/24 and two others I can't remember (which are not important).
      I've done IPsec in VTI mode and it pings the interfaces normally, but no further.
      How would policy-based routing look for this case (I have to use it since I cannot do static routing via a gateway group)?
      It looks something like this in the test lab:
      [screenshot of the test lab configuration]

      I tried figuring out this situation in a test lab before working on the real deal, but I can't get it to fail over and it always uses the same route (it doesn't use the policy-based route, since it doesn't trigger the counters). Not sure what I'm doing wrong.

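As an added illustration (not part of the poster's text and not an answer supplied by Netgate), this is the shape the pieces described above take in pfSense's config.xml when written as one failover gateway group plus one policy-based LAN rule, seen from the remote site's pfSense: the MPLS IPVPN gateway on tier 1, the IPsec VTI gateway on tier 2, a monitor IP on each member so dpinger can mark it down, and a LAN pass rule for the datacenter prefix whose gateway is the group. The gateway names (IPVPN_GW, IPSEC_VTI_GW), the interface names (opt1, opt2), the ISP1 next hop 198.51.100.1, the VTI address 10.99.0.2 and the monitor host 172.25.0.1 are assumptions chosen for the example; only the 172.25.0.0/24 prefix comes from the post.

```xml
<!-- Added example: hypothetical config.xml excerpt, not the poster's configuration.
     Gateway names, interface names and the 198.51.100.x / 10.99.0.x addresses
     are assumptions; 172.25.0.0/24 is the datacenter LAN from the post. -->
<gateways>
  <!-- Tier 1 member: the MPLS IPVPN next hop on ISP1's interface (opt1).
       The monitor target is on the far (datacenter) side of the IPVPN rather
       than the local next hop, so the gateway goes down when the IPVPN path
       itself breaks and not only when the ISP1 link does. -->
  <gateway_item>
    <interface>opt1</interface>
    <gateway>198.51.100.1</gateway>
    <name>IPVPN_GW</name>
    <weight>1</weight>
    <ipprotocol>inet</ipprotocol>
    <monitor>172.25.0.1</monitor>
    <descr>ISP1 MPLS IPVPN</descr>
  </gateway_item>

  <!-- Tier 2 member: the IPsec VTI. pfSense creates a gateway for a VTI
       phase 2 automatically; its monitor is the far end's VTI address, so it
       is marked down when the tunnel is not passing traffic. -->
  <gateway_item>
    <interface>opt2</interface>
    <gateway>10.99.0.2</gateway>
    <name>IPSEC_VTI_GW</name>
    <weight>1</weight>
    <ipprotocol>inet</ipprotocol>
    <monitor>10.99.0.2</monitor>
    <descr>IPsec VTI over ISP2</descr>
  </gateway_item>

  <!-- Failover group. Items are name|tier|monitor; a lower tier number is
       preferred and a tier 2 member is used only while every tier 1 member is
       down according to its monitor. trigger=down means packet loss alone
       marks a member down; downloss/downlatency/downlosslatency are the
       other options. -->
  <gateway_group>
    <name>IPVPN_then_IPSEC</name>
    <item>IPVPN_GW|1|address</item>
    <item>IPSEC_VTI_GW|2|address</item>
    <trigger>down</trigger>
    <descr>Prefer MPLS IPVPN, fail over to IPsec VTI</descr>
  </gateway_group>
</gateways>

<filter>
  <!-- Policy-based rule on LAN. Rules match first-hit top-down, so this rule
       must sit above any LAN rule that would also match traffic to
       172.25.0.0/24 with the default gateway; only packets that hit this rule
       are route-to'd through the group, and this rule's counters are the ones
       that should increment during a failover test. No <protocol> element
       means any protocol. -->
  <rule>
    <type>pass</type>
    <interface>lan</interface>
    <ipprotocol>inet</ipprotocol>
    <source>
      <network>lan</network>
    </source>
    <destination>
      <address>172.25.0.0/24</address>
    </destination>
    <gateway>IPVPN_then_IPSEC</gateway>
    <descr>Datacenter via IPVPN, failover to IPsec VTI</descr>
  </rule>
</filter>
```

Two checks worth making in a lab before concluding the group is not failing over: `pfctl -vvsr | grep -B1 route-to` on the pfSense shell shows the rules that carry a `route-to` and their packet counters, so a rule whose counters stay at zero is simply not being matched (a rule above it, or the wrong interface or source, is taking the traffic); and a firewall state created while IPVPN_GW was up keeps that gateway until it expires or is killed, so a single long-lived flow such as a continuous ping will keep using the old path even after the group has switched, unless the state is cleared (the "State Killing on Gateway Failure" setting under System > Advanced > Miscellaneous, or a new flow, shows the change).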
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.