IPSec Multi-WAN to One WAN
-
We have a web server (with a stable internet connection) and an office with two "home style" (unstable) WAN connections. I need to make a stable 2 WAN to 1 WAN IPSec (Gateways Routed VTI) balancing connection. IPSec with 1 WAN to 1 WAN works well. If I make a second WAN IPSec, the GUI says that the IP is already in use, but I have made it with an alternate DNS name, and IPSec is UP, but there is no connection inside the tunnel. Is there a limitation in IPSec with this solution, and is OpenVPN the only way?
-
Sounds similar to the problems I had: https://forum.netgate.com/topic/152246/interface-ipsec6000-not-being-added-for-vti-tunnel
-
I changed it to use a gateway group.
-
I don't understand what you mean. What problems did you have, and how did you fix them?
-
I was trying to set up IPSec between one site with a good connection and one with 2 low-quality ones.
It does not work as 2 IPSec tunnels. You need to make one IPSec tunnel using a gateway group on the low-quality side. Follow the links and there are instructions.
-
It's not suitable for me, because IPSec failover using Dynamic DNS and multi-WAN doesn't work properly (on a WAN failure it needs some time to resolve the new IP, and when the WAN is UP, DynDNS does not refresh so fast, but IPSec is using the wrong WAN gateway and doesn't connect until DynDNS refreshes the new IP).
I want to make load balancing with IPSec VTI gateways (without connection drops) on the pfSense side, so both connections must be UP all the time, and when one connection fails, the other stays UP without any connection drops for the tunneled networks.
But, as I see it, this isn't a standard situation for pfSense IPSec, when a 1 WAN server is used for 2 WAN servers.