Netgate Discussion Forum

    Multi WAN = Mobile Tunnel only work on "default" GW but site-to-site any?

    • cybercare

      So I've got a Multi-WAN Multi-LAN setup.

      ISP A - LAN A (via lan GW rule)
      ISP B - LAN B (via lan GW rule)

      Some LAN A can talk to LAN B and some LAN A users have ISP B set via lan rule as the GW for them.

      In routing the default GW is set to ISP A

      I have a site-to-site IPSec setup with another remote pfSense and it's using ISP B to that remote site with 0 issues.

      However, I have a Mobile IPSec setup, and if I set it to ISP B, when a mobile client attempts to connect they fail and pfSense logs:

      racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by Mobile_IP_HERE

      If I go into routing and change the default GW to ISP B it works fine.
      If I change it back to ISP A and set the IPSec to use ISP A it works fine.

      So it seems when multiple GWs exist, Mobile IPSec will only work on whatever the default is? Is this a bug, intentional or what? Why would site-to-site work either way though?
      At least site-to-site seems to not care but I'd love both to not lol.

      • darkwood

        I have the same problem.

        Any ideas?

        • kapara

          I think I am having the same problem.

          I added a second WAN (ATT) and changed the default gateway to the new ISP (ATT) and modified the rule for ipsec to use the SONIC gateway.

          When the default is set to ATT mobile IPSEC fails.
          When the default is set to SONIC it has no issues.

          Skype ID:  Marinhd

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.