Dual IPSEC tunnel - Failover
-
Hi everyone
I have this scenario:
pfSense with two WANs and, at the other end (Cloud), two WANs as well.
I have two IPSec tunnels, configured like this:
10.x.x.x:WAN1 >> WAN1:172.1.x.x; 172.2.x.x, ...
10.x.x.x:WAN2 >> WAN2:172.1.x.x; 172.2.x.x, ...
Each subnet has its phase2.
Currently, if I leave both tunnels active, at some point packet losses occur, and I need to disable one of the tunnels.
I would like to leave only one of the tunnels active and the second tunnel active in case the first one goes down.
Is it possible? I've seen metrics in static routes used in other scenarios.
Note: I cannot use only 1 tunnel + DDNS because the Cloud does not accept this type of configuration.
Sorry about my English.
Thank you!
-
Any suggestion?
Thank you!
-
@luan-provesi
This can be done. Look up IPsec VTI on the docs site. It is however more complicated and there are some issues that come up. I've had MTU issues and problems with tunnels not re-establishing after a long ISP outage. A search of the forum should yield more information.
Edit to add a link to Jim P's excellent video on the subject:
https://www.youtube.com/watch?v=AKMZ9rNQx7Y
-
@dotdash Thank You!