ER605 as VPN client with link backup WAN/WAN2

ER605 as VPN client with link backup WAN/WAN2

ER605 as VPN client with link backup WAN/WAN2
ER605 as VPN client with link backup WAN/WAN2
2024-09-02 10:31:28 - last edited 2024-09-06 03:02:59
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6

ER605 as VPN client with link backup WAN/WAN2

 

I have 2 VPN tunnels (ER605 as client),

Problem is that they are down when router switched on backup link.(primary WAN Offline)

Is there any way to reconnect vpn client on backup WAN?

 

If the main WAN is offline for a long time, what is the solution to the situation?

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER605 as VPN client with link backup WAN/WAN2-Solution
2024-09-03 01:36:44 - last edited 2024-09-06 03:02:59

Hi @YuriyB 

Thanks for posting in our business forum.

IPsec supports failover mode. But that is not based on the link backup but on at least two active WANs.

But what you described is a load balance situation. VPN is based on the WAN failover.

Have you tried to set up two tunnels on WAN interfaces? As the backup is offline and the tunnel should not be effective. Will this setup work? When failover works, it brings down primary and up backup, will the tunnels work along the described situation?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
3 Reply
Re:ER605 as VPN client with link backup WAN/WAN2-Solution
2024-09-03 01:36:44 - last edited 2024-09-06 03:02:59

Hi @YuriyB 

Thanks for posting in our business forum.

IPsec supports failover mode. But that is not based on the link backup but on at least two active WANs.

But what you described is a load balance situation. VPN is based on the WAN failover.

Have you tried to set up two tunnels on WAN interfaces? As the backup is offline and the tunnel should not be effective. Will this setup work? When failover works, it brings down primary and up backup, will the tunnels work along the described situation?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:ER605 as VPN client with link backup WAN/WAN2
2024-09-03 06:51:02

  @Clive_A 

Have you tried to set up two tunnels on WAN interfaces?

Yes

Router is connecting to VPN servers from WAN and WAN2 at the same time :) making four tunnels

 

As the backup is offline and the tunnel should not be effective.

Backup offline but routing table is working with another metric for it. so Tunnel is effective.

 

Will this setup work?

No :(

 

  0  
  0  
#3
Options
Re:ER605 as VPN client with link backup WAN/WAN2
2024-09-03 07:51:44

Hi @YuriyB 

Thanks for posting in our business forum.

YuriyB wrote

  @Clive_A 

Have you tried to set up two tunnels on WAN interfaces?

Yes

Router is connecting to VPN servers from WAN and WAN2 at the same time :) making four tunnels

 

As the backup is offline and the tunnel should not be effective.

Backup offline but routing table is working with another metric for it. so Tunnel is effective.

 

Will this setup work?

No :(

 

If so, that cannot be done on the system now.

Now, it only has IPsec failover.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#4
Options