Netgate Discussion Forum

    Dual WAN IPSec with BGP

    ChrisT

      Hello all, I have the following setup and I would like to know how best to configure my pfSense devices.

      Site A
      Dual WAN pfSense - Provider X & Provider Y

      Site B
      Dual WAN pfSense - Provider X & Provider Y

      Two IPSec tunnels between site A and site B

      IPSec 1: Site A provider X with Site B Provider X
      IPSec 2: Site A Provider Y with Site B Provider Y

      Both IPSec tunnels are routed IPSec, and for both of them I am using BGP (I configured two BGP neighbors on each side).

      My problem is that every time I configure the second IPSec and the BGP neighbor, I lose connectivity.

      Am I doing something wrong in the configuration? What I want to achieve is to have BGP take care of any line failure and send the traffic to the other IPSec when one IPSec is down. So basically I need it for failover.

      Thank you in advance.

        metisit @ChrisT

        @christ I am looking for a good solution to that use case as well. Any progress on your side?

          ChrisT @metisit

          @metisit Still no progress as I am facing some other issues here.

          Honestly, I am starting to think about reverting to normal static IPSec, but the fact that I won't have to step in in the middle of a "crisis" and can let BGP do its job keeps my faith in this configuration.

          As soon as I solve the other issue that I have, I will give it a shot.

          According to Netgate support, what I mentioned at the beginning is totally reasonable and can happen.

          I'll keep you posted.

          Chris

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.