Static routing with IPSEC as a failover

  • Good evening all,

    We are running on pfSense 2.2.0 and we currently have a customer that connects to us via IPSEC VPN.

    We are provisioning a fixed circuit between us and them - so they will appear on a dedicated interface and we will configure the next-hop gateway and routes accordingly.

    However, does anyone know if it is possible to keep the VPN tunnels in place and use them in the event that the fixed circuit fails.  I would like this to happen without manual intervention if possible and I guess there needs to be a way to trigger removal of the static route if the remote gateway goes down and trigger addition of the route when the remote gateway come back up.

    Also which method of routing takes precedence – system routing table or the kernel routing table ??

    Thanks all - looking forward to responses.



Log in to reply