Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSec Multi-WAN to One WAN

    IPsec
    2
    5
    47
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gektor last edited by

      We have an web server (with stable internet connection) and office with two "home style" (unstable) WAN connections, i need to make stable 2 WAN to 1 WAN IPSec (Gateways Routed VTI) balancing connection, IPSec with 1 WAN to 1 WAN works good, if i make second WAN IPSec, GUI is says that IP alredy in use, but i have make it with alternate DNS name, and IPSec is UP, but there is no connection inside tunnel, is there an limitation in IPSec with this solution and OpenVPN is only one way?

      1 Reply Last reply Reply Quote 0
      • M
        mix_room last edited by

        Sounds similar to the problems I had: https://forum.netgate.com/topic/152246/interface-ipsec6000-not-being-added-for-vti-tunnel

        1 Reply Last reply Reply Quote 0
        • G
          Gektor last edited by

          I changed it to use a gateway group
          I don't understand, what you mean, what problems you have and how you fix it?

          1 Reply Last reply Reply Quote 0
          • M
            mix_room last edited by

            I was trying to setup IPSec between one site with good connection, and one with 2 low-quality ones.
            It does not work as 2 IPSec tunnels. You need to make one IPSec tunnel using gateway group on the low-quality side. Follow the links and there is instructions.

            1 Reply Last reply Reply Quote 0
            • G
              Gektor last edited by

              It's not suitable for me, because IPSEC failover using Dynamic DNS and multi WAN doesn't work properly (with WAN failure it need some time to resolve new IP, and when WAN is UP DynDNS is not refresh so fast, but IPSec is using wrong WAN gateway and didn't connect till DynDNS new IP refresh).
              I want to make load balancing with IPSec VTI gateways (without connection drops) on pfSense side, so - both connections must be UP all time. and when one connection is fails - another stay UP without any connection drops for tunneled networks.
              But, as i see, it isn't standard situation for pfSense IPSec - when 1 WAN Server is using for 2 WAN's Servers.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy