Netgate Discussion Forum

    (SOLVED) IPSEC on WAN and OpenVPN on WAN2 connection to same server

      netnewb2
      last edited by netnewb2

      Hi,

      I have 3 sites, A, B and C. Site A and B have WAN1 with dedicated IPs and WAN2 over cellular (NAT-ed). Site C is cabled but also NAT-ed.

      I currently have an IPSEC connection between Site A and B on WAN1. I'd like to set up a backup OpenVPN connection on WAN2 for A and B. Devices on A and/or B should fail over to OpenVPN when IPSEC is down.

      Site C will connect to either Site A or B on the same backup OpenVPN connection, or a different one if required.

      I don't know how to approach this, because IPSEC P2 and OpenVPN will have access to the same subnets on the remotes, but I want IPSEC to be a primary route.

        netnewb2 @netnewb2

        My solution ATM is to use FRR and OSPF. I've set up IPSEC VTI on the WANs with public IPs, and one OpenVPN pair for each WAN2 over the NATed cellular connections. I have 3 VPN connections in total between A and B. OSPF will usually default to the IPSEC connection and use OpenVPN when IPSEC is down.

        I'd have set it up faster with some gateway groups and port forwards, but I expected it'd get too dirty when throwing site C in the mix. Haven't set up site C yet but I expect it will work in this setup.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.