Bug #14626

closed

Multi-WAN IPsec does not fail over when preferred WAN loses link

Added by Thomas Simon 10 months ago. Updated 6 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture:

Description

Hi

I have a site-to-site VPN over IPsec between HO and a branch office. Now I have added one more WAN connection to the branch side pfSense. DynDNS with a gateway group is configured and everything works as expected. DynDNS updates the failover gateway IP immediately with the help of a cron job which runs every minute.

On the HO pfSense, in IPsec phase 1, the remote gateway is configured as the branch's DynDNS hostname.

However, a failover never happens and IPsec will not automatically connect to the newly updated DynDNS hostname IP. If the branch side pfSense is rebooted, the connection will be established.

What configuration is missing that will enable IPsec to drop the tunnel established to the failed IP and to re-establish a new tunnel with the changed/updated DynDNS hostname IP automatically?

Thanks
Thomas


Files

HO.JPG (68.2 KB), Thomas Simon, 07/29/2023 03:18 PM
Branch.JPG (66.6 KB), Thomas Simon, 07/29/2023 03:19 PM
Branch IPSec.JPG (36.6 KB): Stays in connecting mode, the WAN IP never changes to the failover WAN IP. Thomas Simon, 07/29/2023 03:22 PM
IPSEC Log.txt (32.8 KB): IPSec Log file. Thomas Simon, 07/30/2023 07:52 PM

Related issues

Related to Bug #14829: Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link, Resolved, Jim Pingle
