pfSense

After some debug. I logged into the pfsense command line and found that the IPsec service does not restart when it changes its interface settings.
So an ipsec restart is enough to reset the tunnel with the right interface.
I think it's a big pfsense bug

Jim Pingle wrote:

There isn't enough information here to speculate as to the cause or fix. It isn't normal to need an IPsec restart in that case, but it may be due to the type of WAN interface used for IPsec here.

Try the attached patch, see if it helps.

Thank you for your reply
I have a WAN1 interface in public IP address and WAN2 address in private IP address.
I applied the changes, do I need to restart pfsense?

Jim Pingle wrote:

There isn't enough information here to speculate as to the cause or fix. It isn't normal to need an IPsec restart in that case, but it may be due to the type of WAN interface used for IPsec here.

Try the attached patch, see if it helps.

I tried your patch but it does not work, the VPN does not restart and still keeps its tunnel on the interface WAN1 while it is down

Mouad Mimouni wrote:

Jim Pingle wrote:

There isn't enough information here to speculate as to the cause or fix. It isn't normal to need an IPsec restart in that case, but it may be due to the type of WAN interface used for IPsec here.

Try the attached patch, see if it helps.

I tried your patch but it does not work, the VPN does not restart and still keeps its tunnel on the interface WAN1 while it is down

After several searches I managed to set up the VPN failover using a DynDNS, but the failover is done after about 3min. Is there no parameter to adjust this ?

3 minutes sounds about right for a DNS-based changeover. It takes time for DNS updates to propagate and be noticed. There are other techniques (VTI with dynamic routing), but discussing such things is out of scope here. If you need configuration assistance, post to the forum or pfSense subreddit.