Netgate Discussion Forum

Gateway Group, Routed VTI IPSEC tunnels and failover

IPsec
  • lc63
    last edited Apr 3, 2025, 2:00 PM

    Hello,

    I have two VPN tunnels, from the same network (AWS), to provide redundancy. The IPSEC connection (Routed VTI) on the pfSense side is functional for both tunnels.

    But for redundancy, I'd like to do automatic failover. I've defined a Gateway Group, bringing together the two IPSEC interfaces. I've specified this Gateway in my firewall rules. However, as soon as I remove the static route (defined for a single IPSEC interface, as I can't define two on the same network), the VPN network is no longer routed.

    Is it possible to do automatic failover with Gateway Group and Routed VTI IPSEC tunnels?

    • lc63 @lc63
      last edited Apr 4, 2025, 3:10 PM

      @lc63
      The answer seems to be no. I have switched to Policy-based mode for tunnels, which allows failover automatically.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.