Netgate Discussion Forum
    How does IPsec order/prioritize tunnels?

    2.0-RC Snapshot Feedback and Problems - RETIRED
    2 Posts 2 Posters 1.4k Views
    • rcfa

      I have a somewhat screwed-up setup (thanks Verizon!), so my default route ends up going out over an IPsec tunnel to a colocation service that acts as gateway for my class-C net.
      So I have one IPsec link with a peer net that's 0.0.0.0/0.

      Yet I also need to have some IPsec tunnels to clients. Is there a way to ensure that the default link gets processed last, i.e. that IPsec doesn't try to route packets that should go to the clients' private nets out the 0.0.0.0/0 link?

      The reason I'm asking is that I suspect this may be part of the problem of rather glitchy connectivity to some clients' networks, even though I made sure it is listed before the "catch-all" default-route IPsec tunnel.
      It seems that connectivity is more a matter of which tunnel becomes operational first rather than the sequence in which they are listed.

      • jimp (Rebel Alliance Developer, Netgate)

        It may be how the SPDs are ordered, though I'm not sure there is any way to ensure the ordering of these unless you can absolutely ensure the order in which the tunnels actually establish (which is probably impossible in practice).

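A check for the situation discussed in this thread, added here as an example; it is not code from either post or from pfSense. It reads an SPD dump in the KAME `setkey -DP` style (the sample dump inside the script is constructed, not captured from a real box), applies first-match lookup under the assumption that the kernel uses the first SPD entry that matches in dump order, and reports any client-specific policy that an earlier 0.0.0.0/0 policy hides. The `specific_first` helper only shows what the lookup would return if the entries were ordered most-specific first; it does not claim pfSense 2.0 offers a way to force that order.

```python
"""Find IPsec policies shadowed by an earlier catch-all in a KAME-style SPD dump.

Added example, not part of the thread or of pfSense. Assumption: the kernel
returns the FIRST matching SPD entry in dump order, so a 0.0.0.0/0 entry that
appears above a more specific one hides it. Run with a real dump via:
    setkey -DP | python3 spd_shadow.py
"""
import ipaddress
import re
import sys

# Constructed sample modelled on `setkey -DP` output (not from a real system).
# The catch-all tunnel came up first, so its outbound policy (spid=1) sits
# above the client-specific one (spid=3), exactly the ordering the OP fears.
SAMPLE_SPD = """\
192.168.1.0/24[any] 0.0.0.0/0[any] any
    out ipsec
    esp/tunnel/203.0.113.10-198.51.100.1/require
    spid=1 seq=3 pid=1001
    refcnt=1
192.168.1.0/24[any] 10.20.0.0/16[any] any
    out ipsec
    esp/tunnel/203.0.113.10-192.0.2.7/require
    spid=3 seq=2 pid=1001
    refcnt=1
10.20.0.0/16[any] 192.168.1.0/24[any] any
    in ipsec
    esp/tunnel/192.0.2.7-203.0.113.10/require
    spid=4 seq=1 pid=1001
    refcnt=1
"""

# Selector line: "src/len[port] dst/len[port] proto"
HEADER = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+(\S+)$")


def parse_spd(dump):
    """Return SPD entries as dicts, preserving the order the kernel printed them."""
    policies, cur = [], None
    for line in dump.splitlines():
        if line[:1] not in (" ", "\t"):           # a new selector line
            m = HEADER.match(line)
            cur = None
            if m:
                cur = {"src": ipaddress.ip_network(m.group(1), strict=False),
                       "dst": ipaddress.ip_network(m.group(2), strict=False),
                       "proto": m.group(3), "dir": None, "spid": None, "seq": None}
                policies.append(cur)
            continue
        if cur is None:
            continue
        body = line.strip()
        if body.split()[0] in ("in", "out", "fwd"):   # direction line
            cur["dir"] = body.split()[0]
        elif body.startswith("spid="):
            fields = dict(f.split("=", 1) for f in body.split())
            cur["spid"], cur["seq"] = int(fields["spid"]), int(fields["seq"])
    return policies


def first_match(policies, direction, src, dst):
    """First-match SPD lookup: spid of the first entry covering src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and s in p["src"] and d in p["dst"]:
            return p["spid"]
    return None


def shadowed(policies):
    """(hidden_spid, hiding_spid) pairs: every packet the later entry would
    match is already taken by an earlier, broader entry in the same direction."""
    hidden = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (earlier["dir"] == later["dir"]
                    and earlier["proto"] in ("any", later["proto"])
                    and later["src"].subnet_of(earlier["src"])
                    and later["dst"].subnet_of(earlier["dst"])):
                hidden.append((later["spid"], earlier["spid"]))
                break
    return hidden


def specific_first(policies):
    """Same entries, longest combined prefix first (illustration only)."""
    return sorted(policies, key=lambda p: -(p["src"].prefixlen + p["dst"].prefixlen))


if __name__ == "__main__":
    dump = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SPD
    pols = parse_spd(dump)
    for hid, by in shadowed(pols):
        print(f"WARNING: spid={hid} is never reached; spid={by} matches first")
    if not shadowed(pols):
        print("no shadowed policies")
```

On the constructed dump the script warns that spid=3 (the client tunnel) is never reached because spid=1 (the catch-all) matches first, which is the failure mode the thread describes; the `in` policy is unaffected because the direction differs.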
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.