I am using a pfSense firewall on a generic x86 system. I have created a separate gateway for each of the Sonic VPNs, the main and the beta. However, I am having no luck in creating and then referencing a failover group with the main VPN being a tier 1 route and the beta a tier 2.
If I set the default gateway to WAN, I can access the internet, but only one of the gateways is active. In most cases it seems to be the beta VPN. The traffic on the other VPN gateway is minimal; I assume it is ping/protocol activity.
When the default gateway is changed to the gateway group and saved, things look OK. However, when I reboot the firewall both VPN gateways are down, showing only a "Pending" status. If I subsequently change the default gateway back to WAN, the two VPNs connect again.
To gather more info, I cleared the gateway logs and set the default gateway to the failover group. When I look at the log, I see the WAN and both VPNs. I can access sites, but the access is through the tier 2 (beta VPN) gateway. After rebooting the firewall, both VPNs are down and the gateway log records only show the WAN gateway.
Clearly I am missing a setting somewhere. I have looked at the Netgate docs and thought I covered everything.