Hey everyone, I am facing a little problem and I don't know if I did something wrong or if I misunderstand something.
So here is what I'd like to do:
I'd like to set up 2 VTI tunnels to my Fortigate. The Fortigate has two different WANs, and on the Fortigate side everything worked as expected.
Now I am on the OPNsense side. I set up 2 connections, see attached "connctions_1.png", then I have 2 VTIs defined, see "vti.png".
In the Gateway section I set up the gateways and a gateway group, see "gw.png" and "gwgroup.png".
As the last step, I create a policy with the gateway group in it.
So now if one VPN goes down, I am not able to get any traffic from the OPNsense to the Fortigate.
I see traffic from the Fortigate coming in, but the OPNsense tries to send all traffic to the "down" gateway.
Hello, the supported way to do IPsec failover is described here:
https://docs.opnsense.org/manual/how-tos/dynamic_routing_ospf.html#ipsec-failover-with-vti-and-ospf