BGP and IPSec Backup

  • Hi all,

    I'm hoping someone can help me out with an issue I'm having between a Watchguard and pfSense.

    I have a Watchguard at a branch office site and a pfSense at another branch office.

    We have a private point-to-point line between the two devices.

    I run BGP across this private link and all can communicate as expected.

    I would like to have a failback IPSec VPN so that if the private line fails, communications can continue; however, as soon as I bring the IPSec VPN up on the pfSense, the private link breaks. It appears that the IPSec route is taking preference on the pfSense. Watchguard has an option that fixes this, labelled "Enable the use of non-default (static or dynamic) routes to determine if IPSec is used". I have also tried amending the BGP route preferences, however no luck.

    Can anyone advise how to achieve the same on pfSense? I am unable to use OpenVPN as Watchguard does not support this.

    Thanks in advance!

  • If IPSec matches the traffic, it will grab it before it hits the routing table. I don't think there is a work-around.

  • Ahh shame! Thought that was the issue. I'll have to replace the pfSense with a Watchguard then.

