[pfSense] Layer 2 and IPSec Priority
RonL at maplewood.com
Tue Feb 21 16:47:59 EST 2012
I have a 2.0 and 1.3 pfSense firewall (one in each of 2 buildings) and these are joined via an IPSec link. We now have a layer 2 connection between them as well. If the IPSec link is disabled on both sides, traffic traverses the Layer 2 link (which is good). So here are my questions.
1. How can I make some of the traffic (backups for example) always use the layer 2 link and never use the IPSec link (layer 2 has no usage counter, IPSec does)? This would also mean both sets of traffic would flow faster because of no competition from the other data. It seems the IPSec link has a higher priority than the layer 2 that I can't seem to find or alter.
2. If only one side of the IPSec tunnel goes down, the traffic coming from the side that is up still tries (unsuccessfully) to use the IPSec link. Traffic on the side with the failed or disabled IPSec link correctly goes to the layer 2 link (how can I get both sides to recognize the link is down)? Right now, if my WAN link on one side fails, I can send traffic from this site to the other but not the reverse.
I am guessing both answers are probably fairly obvious, which is why I can't see them for looking.