Actions
Bug #11181
closed
pfSense throws IPsec phase 1 duplicate IP validation error incorrectly
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
12/21/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
In a multi-WAN environment pfSense should allow the use of two Phase 1's that have different origin IP's but the same destination IP. For example:
Site A: WAN (ISP-A) and WAN2 (ISP-B)
| /
| /
IPsec P1 | / IPsec P1
Primary Link | / Secondary Link
| /
Site B: WAN (ISP-C)However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" is already used by phase1 ""."
This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link. If the primary link fails the policy routing would transmit over the secondary link.
Updated by 
Updated by
Actions