Feature #8286

closed

IPsec on Multiwan fail back to Tier1 WAN after it is back UP

Added by Vladimir Lind over 4 years ago. Updated almost 3 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 01/17/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

IPsec is running on top of a failover gateway group interface. The DynDNS client entry updates on behalf of the failover gateway group interface. The remote IPsec peer connects to the DynDNS hostname.
When the Tier1 WAN gateway fails, the IPsec daemon begins to listen on the Tier2 interface and the DynDNS hostname gets updated with the Tier2 WAN IP - connectivity restores successfully. But when the Tier1 WAN gateway comes back online, the IPsec tunnel continues to work on the Tier2 WAN interface even though the DynDNS hostname resolves back to the Tier1 WAN IP.

If this is expected behavior, please force the IPsec service to start on top of the Tier1 interface when it comes back online. Or add a separate feature that makes it possible, like a cron script that periodically checks whether the Tier1 WAN is up and whether there is an active IPsec tunnel on the Tier2 WAN. If both conditions are met, restart the IPsec service in order to renegotiate P1 from the Tier1 WAN.

Invgate ticket for reference - 37090

#1

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Duplicate

Duplicate of #6370
