Using Ipsec interface as failover
-
Hopefully someone can point me in the right direction for what I'm trying to accomplish
LAN for Site A & B are routed through pfsense and linked via MPLS
I have installed backup internet at each location and have established IPspec site to site via pfsenseIn case of MPLS outage, I would like to auto route LAN traffic over IPsec tunnel instead of MPLS
I was thinking of using a Gateway group with outbound firewall rules to accomplish this like a normal failover setup, but ipsec can't be added as an interface, and therefore not into a gateway.
Any ideas? Thanks in advance
-
I've thought about this also. I can't give you a solution, but my initial thought is that it might be doable with the port of OpenBSD's ifstated. You can install this via 'pkg install ifstated' I have not had time to work out the config, but I was looking at strongswan's 'ipsec' command line interface. This would obviously get clobbered if you touched anything in the gui.