Multi WAN = Mobile Tunnel only work on "default" GW but site-to-site any?



  • So I've got a Multi-WAN Multi-LAN setup.

    ISP A - LAN A (via lan GW rule)
    ISP B - LAN B (via lan GW rule)

    Some LAN A can talk to LAN B and some LAN A users have ISP B set via lan rule as the GW for them.

    In routing the default GW is set to ISP A

    I have a site-to-site IPSec setup with another remote pfSense and it's using ISP B to that remote site with 0 issues.

    However I have a Mobile IPSec setup and if I set it to ISP B when a mobile client attempts to connect they fail and pfSense logs:

    racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by Mobile_IP_HERE

    If I go into routing and change the default GW to ISP B it works fine.
    If I change it back to ISP A and set the IPSec to use ISP A it works fine.

    So it seems when multiple GW's exists Mobile IPSec will only work on whatever the default is? Is this a bug, intentional or what? Why would site-to-site work either way though?
    At least site-to-site seems to not care but I'd love both to not lol.



  • I have the same problem.

    Any ideas?



  • I think I am having the same problem.

    I added a second WAN (ATT) and changed the default gateway to the new ISP (ATT) and modified the rule for ipsec to use the SONIC gateway.

    When the default is set to ATT mobile IPSEC fails.
    When the default is set to SONIC it has no issues.


Log in to reply