Project

General

Profile

Bug #11181

Updated by Jim Pingle almost 4 years ago

In a multi-WAN environment pfSense should allow the use of two Phase 1's that have different origin IP's but the same destination IP.    For example: 

      Site A: WAN (ISP-A) and WAN2 (ISP-B) 
                |                 / 
                |                / 
     IPsec P1     |               / IPsec P1 
   Primary Link |              / Secondary Link 
                |             / 
             Site B: WAN (ISP-C) 

 However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" "64.137.131.31" is already used by phase1 ""." 

 This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link.    If the primary link fails the policy routing would transmit over the secondary link.

Back