(SOLVED) IPSEC on WAN and OpenVPN on WAN2 connection to same server
I have 3 sites, A, B and C. Site A and B have WAN1 with dedicated IPs and WAN2 over cellular (NAT-ed). Site C is cabled but also NAT-ed.
I currently have an IPSEC connection between Site A and B on WAN1. I'd like to setup a backup OpenVPN connection on WAN2 for A and B. Devices on A and/or B should Failover to OpenVPN when IPSEC is down.
Site C will connect to either Site A or B on the same backup OpenVPN connection, or a different one if required.
I don't know how to approach this, because IPSEC P2 and OpenVPN will have access the same subnets on the remotes, but I want IPSEC to be a primary route.
My solution ATM is to use FRR and OSPF. I've setup IPSEC VTI on the WANs with public ips, and one openvpn pair for each WAN2 over the natted cellular connections. I have 3 vpn connections in total between A and B. OSPF will usually default on the IPSEC connection and use OpenVPN when IPSEC is down.
I'd have set it up faster with some gateway groups and port forwards, but I expected it'd got too dirty when throwing site C in the mix. Haven't setup site C yet but I expect it will work in this setup.