
    Dual WAN and IPSec: Simply switch interface on alarm

    Routing and Multi WAN
    3 Posts 2 Posters 1.4k Views
    • thoiz_vd

      I found many topic replies clearly stating that WAN failover and IPSec cannot be combined due to technical reasons. Yet, I do not see why pfSense is not able to do something I now do by hand. When WAN1 fails, I switch my VPN endpoint from WAN1 to WAN2. When I see that WAN1 is working again, I switch it back. If I can do this, why not pfSense?

      • jimp Rebel Alliance Developer Netgate

        It's not quite that simple, unfortunately. Many people in the field don't have the ability to just change the endpoint IP without adjusting the other side of the tunnel.

        It might be possible to do this, but it's not as easy as it seems, and would definitely have to be optional. Might be an interesting project for someone looking to get into development to try.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • thoiz_vd

          I do have this option because the endpoint is a ZyWALL USG, which has support for dynamic clients. The solution could, however, be reformulated as having two tunnels with different priorities. In case the tunnel with the higher priority goes down, the one with the lower priority is activated. In my case their endpoints would be the same, but for others this does not have to be so. Subnet overlaps do not matter anymore when the tunnels are never both active at the same time.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.