Netgate Discussion Forum

    Route Failover

    Routing and Multi WAN
      jacklloyd

      Hi,

      I've seen a few conflicting methods on this so I'm wondering if someone can provide a little bit of clarity.

      We're looking to have route failover across a pair of IPsec tunnels from a colo in the US to our DC in the UK.

      We've got dual ISPs at both ends and we are comfortable setting up route-based VTI VPNs.

      I've read that I can't point a static route on the pfSense to a gateway group (e.g. a group of the x2 VTIs on each end) to allow the route to the other site to fail over that way.

      I've also read that you can do stuff with DynDNS to help with this, but it does take a few mins to fail over; that's not really acceptable from our end. Moreover, we do have static IPs on all circuits, so ideally this wouldn't be necessary.

      Lastly, I was wondering, could I achieve it like this: we put the static routes in on the pfSense appliances to go via a single VPN (no failover), but then on the rule set within pfSense specify the "Gateway" option and leverage policy-based routing? In the PBR element we'd use the gateway group of the x2 VTIs - would this work though, and would this achieve what we need? Would this take precedence over the static route?

      Is this the right way to be looking or should we just try and configure the failover with BGP across the tunnels?

      Best

      Jack
