Dual WAN failover, local host not updating IP address
-
I have a configuration with dual WAN where the IPsec tunnel is not updating the local host IP address when the primary WAN fails.
Pretty much as described here
https://redmine.pfsense.org/issues/14626
To test it I force the gateway down in System/Routing/Gateways. I don't disconnect the cable from the port, as that is not a real-world scenario. The port is always up, as the router is always connected even if the internet is down.
Dynamic DNS is updating and working fine, outbound traffic is fine, inbound traffic is fine, everything except that the IPsec tunnel will not come up because the local host IP address change is not being detected. Yes, I did properly configure the gateway group, etc. To force it I have to stop the IPsec service and start it. Then it will detect the IP address change and it works just fine on WAN 2. A temporary workaround is to use the Shellcmd package to restart IPsec on filter reload. However, that is not a desired solution, as it will restart the IPsec service every time it reloads filters for any reason, not only on a WAN IP change. I did fiddle with other IPsec options, but I was never able to make it work without stopping/starting IPsec.
Does anyone have any advice here or perhaps working configuration?
I know I could use IPsec VTI, but I'll cross that bridge when I'm ready to implement it. For the time being this is a much easier solution to deploy.
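As an added example, not from this thread and not pfSense's own code, here is one way to narrow the Shellcmd workaround described above so that IPsec is restarted only when the active WAN endpoint actually changes, rather than on every filter reload. It assumes that the active gateway-group member is the interface currently holding the default route (`route -n get default`, FreeBSD syntax), that a small state file under `/tmp` may be used to remember the last seen endpoint, and that the actual restart command is supplied by the caller as a placeholder argument, because the page does not name one.

```shell
#!/bin/sh
# Added example (not from the forum thread or pfSense): restart IPsec only when the
# active WAN endpoint (interface + IPv4 address) changes, instead of on every filter
# reload. Hook it into the Shellcmd package (or any gateway-change hook) and pass the
# real restart command as the argument; RESTART_CMD below is a placeholder.

STATE_DIR="${STATE_DIR:-/tmp}"   # where the last-seen endpoint is remembered

# active_wan: print the interface that currently holds the default route
# (FreeBSD "route -n get default" prints a line "interface: em0").
# Assumption: with a gateway group as default gateway, this follows the failover.
active_wan() {
    route -n get default 2>/dev/null | awk '$1 == "interface:" { print $2; exit }'
}

# current_ipv4 IFACE: print the first IPv4 address of IFACE, or nothing.
current_ipv4() {
    ifconfig "$1" 2>/dev/null | awk '$1 == "inet" { print $2; exit }'
}

# endpoint_changed KEY NEW_VALUE: compare NEW_VALUE with the value last recorded
# under KEY. Record NEW_VALUE and return 0 (changed) if it differs or was never
# seen; return 1 (unchanged) otherwise.
endpoint_changed() {
    key=$1
    new_value=$2
    state="$STATE_DIR/ipsec-endpoint.$key"
    old_value=""
    if [ -f "$state" ]; then
        old_value=$(cat "$state")
    fi
    if [ "$new_value" = "$old_value" ]; then
        return 1
    fi
    printf '%s\n' "$new_value" > "$state"
    return 0
}

# restart_ipsec_if_changed RESTART_CMD: glue for the hook. Only runs RESTART_CMD
# when the "iface/address" pair of the default-route interface has changed.
restart_ipsec_if_changed() {
    restart_cmd=$1
    iface=$(active_wan)
    if [ -z "$iface" ]; then
        logger -t ipsec-failover "no default route, skipping"
        return 0
    fi
    ip=$(current_ipv4 "$iface")
    if [ -z "$ip" ]; then
        logger -t ipsec-failover "no IPv4 address on $iface, skipping"
        return 0
    fi
    if endpoint_changed default "$iface/$ip"; then
        logger -t ipsec-failover "active WAN endpoint is now $iface/$ip, restarting IPsec"
        $restart_cmd
    else
        logger -t ipsec-failover "active WAN endpoint unchanged ($iface/$ip)"
    fi
}

# Usage from the hook (RESTART_CMD is a placeholder; substitute the command
# that stops and starts IPsec on your system):
# restart_ipsec_if_changed "RESTART_CMD"
```

The state file is keyed so that the first run after boot records the endpoint without restarting anything; subsequent filter reloads only trigger a restart when the pair actually differs from what was recorded, which is the behaviour the post says the plain Shellcmd approach lacks.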
-
This is not of any urgency to me anymore. But it's still worth looking into this issue a little bit deeper, as it might be a regression of some kind. Maybe some of the developers can do it.
I moved one customer to OpenVPN and for the other one I utilized IPsec VTI with OSPF.