Thursday, June 27, 2019

Juniper SRX240 Dual Wan question

I am adding a second backup WAN connection to my router and got it mostly working, but I am trying to figure out the routing preference. One is PPPoE and one is just a direct WAN connection.

Let's call the non-PPPoE connection WAN1 and the PPPoE connection WAN2.

When I do the routing like this:

    routing-options {
        static {
            route 0.0.0.0/0 {
                /* WAN1 */
                next-hop [gatewayipofnonPPPOEwan];
                /* WAN2 */
                qualified-next-hop pp0.0 {
                    metric 1;
                }
            }
        }
    }

It works: when WAN1 goes down, traffic starts going to WAN2 automatically. BUT the problem is I also have an IPsec VPN running on WAN1 to a second location, which obviously goes down when WAN1 goes down. Is there any way to make it automatically swap interfaces when one goes down, to keep the VPN tunnel up? BGP would be lovely but is not an option; I doubt I could get an ASN, and I don't even think my ISP has anything in place to let people use BGP.

I would also like to use WAN2 as the main line since it is faster than WAN1, but when I try this:

    routing-options {
        static {
            route 0.0.0.0/0 {
                /* WAN2 */
                next-hop pp0.0;
                /* WAN1 */
                qualified-next-hop [gatewayipofnonPPPOEwan] {
                    metric 1;
                }
            }
        }
    }

It breaks the VPN between our offices, and no one can connect to the IP of WAN1 for a separate SSL VPN we run (not worried about making that redundant right now; I just need it to stay on WAN1 and work even though WAN1 is the second preference in the routing table).

It is almost like it shuts down the second-priority interface until the main route/hop is unavailable and then uses it (if I unplug WAN2, then stuff works right away again).

I have Phase 1 of the VPN set up to specifically use the WAN1 interface.

The second location only has one internet connection as well, which complicates things; the second office has a Juniper SSG5.

I've been trying to find info online to solve this with no luck. The SRX240 is also past EOL, so support is not an option.

I am probably doing the routing wrong.

I also don't need load-sharing; I just want fail-over.

WAN1 is only 30 Mbps and WAN2 is 1000 Mbps, so load-sharing is not really needed, BUT WAN1 is dedicated fiber and WAN2 is just Bell Fibe: a lot faster, but not nearly as reliable and nowhere near the uptime.
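Added example, not from the original post: one way to write the WAN2-first default route on Junos while keeping the IPsec peer pinned to WAN1. The addresses are placeholders I made up (203.0.113.1 for the WAN1 gateway, 198.51.100.10 for the SSG5's public IP, 192.168.2.0/24 for the remote LAN) and the tunnel interface st0.0 assumes a route-based VPN; substitute the real values. A more-specific /32 route to the IKE peer is chosen over the default route no matter which WAN the default prefers, so the tunnel's packets keep leaving on WAN1, the interface Phase 1 is bound to, even when WAN2 carries the default route.

```junos
/* Added example, not the original poster's configuration. */
/* Placeholders (assumed, replace with real values):        */
/*   203.0.113.1    = WAN1 (non-PPPoE) gateway              */
/*   198.51.100.10  = public IP of the SSG5 at the 2nd site */
/*   192.168.2.0/24 = LAN behind the SSG5                   */
/*   st0.0          = route-based VPN tunnel interface      */
routing-options {
    static {
        /* Default route prefers WAN2 (pp0.0); the higher-metric   */
        /* qualified-next-hop via WAN1 is only used when pp0.0 is  */
        /* down (PPPoE session gone), giving the fail-over wanted. */
        route 0.0.0.0/0 {
            next-hop pp0.0;
            qualified-next-hop 203.0.113.1 {
                metric 10;
            }
        }
        /* Host route for the IKE/IPsec peer. Longest prefix wins, */
        /* so IKE and ESP to the SSG5 always go out WAN1, the      */
        /* interface the IKE gateway is bound to, regardless of    */
        /* the default route. No fallback is given on purpose: if  */
        /* WAN1 is down the gateway's external-interface is down   */
        /* too, so sending the peer traffic via WAN2 cannot help.  */
        route 198.51.100.10/32 next-hop 203.0.113.1;
        /* Remote LAN is reached through the tunnel interface.     */
        route 192.168.2.0/24 next-hop st0.0;
    }
}
```

Two caveats. This does not make the tunnel survive a WAN1 outage: with the IKE gateway's external-interface fixed to WAN1, that needs a second IKE gateway and tunnel sourced from pp0.0, a second st0 unit, a route to the remote LAN with a qualified-next-hop via that unit, and a matching second gateway on the SSG5, none of which is shown here. The SSL VPN reachability problem is separate: the SRX picks the reply interface by route lookup rather than by the interface a session arrived on, so replies to connections made to WAN1's address follow the WAN2 default route; keeping those replies on WAN1 needs filter-based forwarding or a separate routing instance, also not shown here.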


