Multi-WAN + MultiVPN failover - is it allowed?
If I have
WAN1 - GW1 (WAN1 - T1, WAN2 - T2) - member down
WAN2 - GW2 (WAN2 - T1, WAN1 - T2) - member down
VPN1 - Interface: GW1
VPN2 - Interface: GW2
VPNGW - (VPN1 - T1, VPN2 - T2) - member down
Is this a valid config to give me redundant VPN with redundant WAN?
Will a config like this introduce any problems I should know about?
My guess would be "likely yes" based on below, but I used different Tiers in each Gateway Group... (to avoid any potential conflicts that might not even be there!)
I have VPN redundancy and WAN failover in a slightly different way but it uses similar Gateway group mechanism.
Might be useful to detail here, but it doesn't answer specific question about your config.
Main WAN connection = DHCP with 3 VPN clients sharing traffic. Any failing VPN is dropped and load shared over remaining two. (Redundancy between VPNs)
Pull WAN cable => connection fails over to LTE Wireless and VPNs re-establish connection. ...Takes a couple of minutes but it works.
Reconnect WAN cable => DHCP connection always comes UP but it doesn't always switch back from LTE to PPPoE.
5 interfaces assigned
- WAN_DHCP - Vendor A : Monitor 22.214.171.124
- VPN1 - At Vendor B - server X, port 80 : Monitor 126.96.36.199
- VPN2 - At Vendor B - server Y, port 443 : Monitor 188.8.131.52
- VPN2 - At Vendor B - server Z, port 1194 : Monitor 184.108.40.206
- WAN_LTE - Vendor C : Monitor 220.127.116.11
All are "UP"
System -> Routing -> Gateway Groups
VPN_GROUP => VPN1 (Tier 3) + VPN2 (Tier 3) + VPN3 (Tier 3)
Trigger Level = Packet Loss or High Latency
WAN_GROUP => WAN_DHCP (Tier 1) + WAN_LTE (Tier 5)
Trigger Level = Member Down
Firewall -> Rules -> rules access internet via VPN_GROUP gateway
System -> Routing -> Default Gateway IPv4 = WAN_GROUP
System -> Package Manager -> Service Watchdog -> Added all VPN clients + dpinger Gateway Monitoring Daemon + DNS Resolver
Hope this is useful.
Forgot to say it's ver 2.5.0
... and there's a typo in interface list: second "VPN2" should be "VPN3".
@why thanks, it seems there wasn't/isn't anything fundamentally wrong with what I am doing then. It was working, but I started having a problem with SMTP clients on Windows / Linux, which is why I was asking.
But it seems to be a problem with setting the default route of the rule to a gateway group. I just don't understand why it has started over the last week.