Hi!

Running pfSense with about 15 local VLANs connecting to 20-30 sites over IPsec tunnels. Each VLAN is for a different customer that is running at our site. We are in the process of migrating a bunch of customers to a new pfSense cluster off of customer-specific pfSense VMs.

I've run into an issue where I have a local VLAN, 192.168.1.0/24 (customer 1), and a remote VLAN for another customer (customer 2), 192.168.1.0/24.

For all of the sites we connect to using regular IPsec tunnels, but for customer 2 we have redundant VPN tunnels and we're using FRR's BGP to handle failover. The issue I'm having is that since customer 2's remote network is being learned through BGP, it goes into the pfSense's routing table, so when I try to route traffic to 192.168.1.0/24 through the tunnel for customer 2, the pfSense tries to send it to the local VLAN for 192.168.1.0/24. Any thoughts on how to route traffic properly? I don't have this problem if I'm not using BGP because of how IPsec handles routing. I know I can always go back to an individual virtual pfSense for this customer, but I'll lose the firewall cluster redundancy.

Thanks in advance for your help!
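To make the behaviour in the question concrete, here is an added example (not part of the original post, and not FRR or pfSense code) that simulates route selection the way a routing daemon does it: longest prefix match first, then lowest administrative distance. The distances are FRR's defaults (connected 0, static 1, eBGP 20, iBGP 200); the interface names and the sample table are constructed to mirror the post, where customer 1's connected VLAN and customer 2's BGP-learned prefix are both 192.168.1.0/24. The helper `conflicting_prefixes` is a hypothetical audit check that flags exactly this kind of silent shadowing before traffic is affected.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# FRR default administrative distances; lower wins when prefix lengths tie.
DISTANCE = {"connected": 0, "static": 1, "ebgp": 20, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # constructed interface / gateway label
    source: str     # key into DISTANCE

    @property
    def distance(self) -> int:
        return DISTANCE[self.source]


def best_route(table, dst):
    """Pick the route a FIB would use for dst: longest prefix, then lowest distance."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.distance))


def conflicting_prefixes(table):
    """Prefixes that exist both as a connected route and as a routed (static/BGP)
    route. The connected route always wins, so the routed one never carries traffic."""
    sources = defaultdict(set)
    for r in table:
        sources[r.prefix].add(r.source)
    return {
        str(prefix)
        for prefix, srcs in sources.items()
        if "connected" in srcs and srcs - {"connected"}
    }


# Constructed sample table mirroring the post.
SAMPLE_TABLE = [
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "vlan_customer1", "connected"),
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "ipsec_customer2_a", "ebgp"),
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "ipsec_customer2_b", "ebgp"),
    Route(ipaddress.IPv4Network("10.50.0.0/16"), "ipsec_customer3", "ebgp"),
    Route(ipaddress.IPv4Network("0.0.0.0/0"), "wan_gw", "static"),
]


if __name__ == "__main__":
    # Traffic meant for customer 2's 192.168.1.0/24 lands on customer 1's VLAN.
    for dst in ("192.168.1.50", "10.50.3.4", "8.8.8.8"):
        r = best_route(SAMPLE_TABLE, dst)
        print(f"{dst:>14} -> {r.next_hop} ({r.source}, distance {r.distance})")
    print("shadowed prefixes:", conflicting_prefixes(SAMPLE_TABLE))
```

Running it shows the non-overlapping customer 3 prefix is reached through its tunnel as expected, while both of customer 2's BGP routes are shadowed by the connected VLAN route, regardless of which tunnel BGP currently prefers for failover.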