How does IPsec order/prioritize tunnels?

2.0-RC Snapshot Feedback and Problems - RETIRED
Log in to reply
  • R

    I have a somewhat screwed-up setup (thanks Verizon!), so my default route ends up going out over an IPSec tunnel to a colocation service that acts as gateway for my class-C net.
    So I have one IPSec link with a peer net that's 0.0.0.0/0

    Yet I also need to have some IPSec tunnels to clients. Is there a way to ensure that the default link get's processed last, i.e. that IPSec doesn't try to route packets that should go to the client's private nets out the 0.0.0.0/0 link?

    The reason I'm asking is that I suspect that this may be part of the problem of rather glitchy connectivity to some client's networks, even though I made sure it is listed before the "catch-all" default route IPsec tunnel.
    It seems that connectivity is more a matter of which tunnel becomes operational first rather than in which sequence they are listed.

    0
  • jimp
    Rebel Alliance Developer Netgate

    It may be how the SPDs are ordered, though I'm not sure there is any way to ensure the ordering of these unless you can absolutely ensure the order in which the tunnels actually establish (which is probably impossible in practice)

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy