WIFI Link between two pfsense - VPN failover


  • Hello,

    We have two sites which are connected through a WIFI link (Bridge).
    We now want to create a failover for this link through a VPN tunnel.

    SETUP:

    SITE A
    WAN
    LAN 10.0.0.0/20
    LINK 172.16.32.2
    VPN 172.16.2.2
    STATIC ROUTE 10.0.32.0/20 172.16.32.1

    SITE B
    WAN
    LAN 10.0.32.0/20
    LINK 172.16.32.1
    VPN 172.16.2.1
    STATIC ROUTE 10.0.0.0/20 172.16.32.2

    The static routes have been there since the beginning, before we had the VPN tunnel.
    Now, with the VPN tunnel, it would be nice if we could create a second route for the same networks but with a priority.
    pfSense does not support routes with metrics.

    I have now tried to specify the VPN gateway for the 10.0.32.0/20 network on a rule, which works. The only problem is that the traffic coming back from the 10.0.32.0/20 network towards 10.0.0.0/20 follows the static route defined on the pfSense and is thus sent back over the WIFI link. This does not work.

    How can I solve this?

    In the end we want to have a gateway failover group with the WIFI link and the VPN tunnel.

    Thanks a lot!


  • I already tried to create a firewall rule with the gateways configured on the other site as well. I also removed the static route.
    The problem is that these rules don't get evaluated, because of the states for the traffic coming back.

    I don't know if what I want to achieve is possible at all.

    Thanks!
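A constructed Python model of the two routing tables from the first post, added here as an illustration and not code from pfSense or from the poster: it reproduces the asymmetric path (forward over the VPN via a policy rule on site A, return over the WIFI link via site B's static route) and then shows that a failover group applied on both sites yields a symmetric path whichever link is up. State tracking, which the second post mentions, is deliberately left out of the model; gateway names, the `up` set and the address samples are assumptions.

```python
"""Model of the two-site setup: longest-prefix-match static routes, an
optional policy-route override with a failover group, and a symmetry check."""
import ipaddress

# Next hops as seen from each site, taken from the post's SETUP section.
GATEWAYS = {
    "A": {"LINK": "172.16.32.1", "VPN": "172.16.2.1"},
    "B": {"LINK": "172.16.32.2", "VPN": "172.16.2.2"},
}
# The static routes that existed before the VPN tunnel.
STATIC_ROUTES = {
    "A": {"10.0.32.0/20": "LINK"},
    "B": {"10.0.0.0/20": "LINK"},
}


def lookup(site, dst, policy=None, up=None):
    """Return the gateway name `site` uses to reach `dst`.

    `policy` maps site -> {prefix: [gateways in failover order]} and models
    a firewall rule with a gateway group: the first gateway whose monitor
    is up (member of `up`) wins. Without a policy hit, fall back to the
    longest-prefix-match static route, or None if nothing matches."""
    up = {"LINK", "VPN"} if up is None else up
    dst = ipaddress.ip_address(dst)
    for prefix, group in (policy or {}).get(site, {}).items():
        if dst in ipaddress.ip_network(prefix):
            for gw in group:
                if gw in up:
                    return gw
    best = None
    for prefix, gw in STATIC_ROUTES.get(site, {}).items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def path(src_site, src, dst_site, dst, policy=None, up=None):
    """Gateway used on the forward leg, on the return leg, and whether the
    two legs use the same link (asymmetric paths are what breaks states)."""
    fwd = lookup(src_site, dst, policy, up)
    ret = lookup(dst_site, src, policy, up)
    return fwd, ret, fwd == ret


if __name__ == "__main__":
    only_a = {"A": {"10.0.32.0/20": ["VPN"]}}          # the post's first attempt
    print("rule on A only:", path("A", "10.0.1.10", "B", "10.0.33.10", only_a))
    both = {"A": {"10.0.32.0/20": ["LINK", "VPN"]},    # failover group on both sites
            "B": {"10.0.0.0/20": ["LINK", "VPN"]}}
    print("link down:", path("A", "10.0.1.10", "B", "10.0.33.10", both, {"VPN"}))
```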