Bug #11181

Updated by Jim Pingle over 3 years ago

In a multi-WAN environment pfSense should allow the use of two Phase 1's that have different origin IP's but the same destination IP.    For example: 

      Site A: WAN (ISP-A) and WAN2 (ISP-B) 
                |                 / 
                |                / 
     IPsec P1     |               / IPsec P1 
   Primary Link |              / Secondary Link 
                |             / 
             Site B: WAN (ISP-C) 

 However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" "" is already used by phase1 ""." 

 This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link.    If the primary link fails the policy routing would transmit over the secondary link.