Wireguard Tunnels - Gateway Recovery Behaviour Intermittent
Hi All,
I wonder if anyone else has experienced this. For the life of me, I cannot 'consistently' get my Wireguard tunnels to re-establish on my primary gateway whenever I have a gateway failback event. The tunnels remain stuck on the backup gateway until I cycle that. I get it to work maybe once out of every 10, but that's luck of the draw.
I utilise the new settings in pfSense Plus for the Gateway Recovery, which is set to kill states on all lower-priority gateways on recovery. I watch the pftop state table at the time of a failback and it does kill the states; specifically, I watch the states for the Wireguard tunnels drop - but they all re-establish back on my backup connection, even though the primary is back online.
The gateway recovery works fine in all other scenarios, but Wireguard tunnels are incredibly flaky - in the main they rarely fail back.
Just as an aside, these are privacy VPN Wireguard tunnels via Mullvad, so I have no control over the remote end. I thought this was the best place for this post as the gateway recovery in the main works fine, it's just the Wireguard tunnels not really playing ball.
Just to confirm my config, within Advanced > Misc -
State Killing on Gateway Recovery = Kill ALL states for lower-priority gateways
State Killing on Gateway Failure = Kill states for all gateways which are down.