Using IPsec interface as failover

  • Hopefully someone can point me in the right direction for what I'm trying to accomplish.

    LANs for Site A & B are routed through pfSense and linked via MPLS.
    I have installed backup internet at each location and have established IPsec site-to-site via pfSense.

    In case of an MPLS outage, I would like to auto-route LAN traffic over the IPsec tunnel instead of MPLS.

    I was thinking of using a Gateway group with outbound firewall rules to accomplish this like a normal failover setup, but IPsec can't be added as an interface, and therefore not into a gateway.

    Any ideas? Thanks in advance.

  • I've thought about this also. I can't give you a solution, but my initial thought is that it might be doable with the port of OpenBSD's ifstated. You can install this via 'pkg install ifstated'. I have not had time to work out the config, but I was looking at strongSwan's 'ipsec' command line interface. This would obviously get clobbered if you touched anything in the GUI.

