Routed VTI dual IPsec failover

  • Hello,
    I have pfSense VA on both sites and am currently running 2 IPsec routed VTI tunnels (dual WAN). I tried making a failover on the secondary IPsec (no load balance), and every time I do policy-based routing the primary IPsec gateway falls and becomes unavailable while the other isn't used at all, even though both tunnels stay up. I used an alias with the networks and did it on floating rules. I need to route multiple networks from the office over it and multiple networks on the main site. What's the best practice for doing it this way? Should it be done on floating rules (but I don't need to route all networks over IPsec), or on each LAN interface individually? Is just a rule with the failover IPsec gateway group enough?
    Remember, I just need basic failover (gateway tier 1 down > switch to tier 2 gateway) and, of course, a switch back when it becomes available again.
    Currently everything is statically routed over the primary IPsec (fast link) and works fine (until the ISP decides to drop the connection randomly).
