Dual-WAN dual-router - can't communicate with 2nd router
-
I have a dual-router dual-WAN configuration using CARP virtual IPs at one of our remote locations (both routers are running pfSense 2.1.5). From the LAN on that site I can communicate with both routers fine, and everything is good for the local machines. We also have several IPsec VPN connections to connect the LANs from our other locations. When at another location, I can connect to the virtual IP for the remote LAN, and I can connect to the static IP for the primary router. However, I cannot connect to the static IP for the backup router. I would think that traffic (originating from a different site) to the LAN interface on the backup router should be routed over the IPsec connection via the CARP VIP currently running on the primary router, but we don't see anything in the routing tables on the backup router to indicate that that's what is actually happening. Instead it looks like traffic is being routed out over the WAN interface on the secondary router, maybe?
Am I just misreading the routes table? Or is there something else that I may be missing that would allow us to communicate to both routers specifically from the remote sites over the WAN IPsec connection? Or is this something that's by design with CARP dual-WAN setups?
-
https://doc.pfsense.org/index.php/CARP_Secondary_Unreachable_Over_VPN
-
Thanks! That described my scenario exactly.