Hi everyone, has anybody tried an IPsec redundant gateway using VRRP before? It means 2 VPN routers at the central office side and 1 VPN router at the branch side. The branch router doesn't support redundant IPsec tunnels (not RB).
You have to use Netwatch and scripts to do that. The peer address should be the LAN IP (not the VRRP IP) of both routers.
Yes, that is exactly what I'm doing now. I use a script that gets the primary router's IP address when the primary router goes down. But I want it to be smarter, because every time a new IPsec branch is added to the network, I need to change the script. The second bad thing is that I need to copy all new firewall configuration to the backup router every time, because there is some configuration that differs between the primary and backup routers, so I can't just export the configuration and import it. The RouterOS config export feature is not intelligent: it exports everything I've added.
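The Netwatch-and-script approach the two posts above describe, written out as an added example (RouterOS script, not code from the thread). It runs on the backup central router: when the primary stops answering, the backup adds the address the branch peers point at to its own interface and flushes stale SAs; when the primary is back, it removes the address again. RouterOS 6.4x syntax is assumed and every name and address is a placeholder: 203.0.113.1/24 is the address all branches peer with (normally held by the primary), 203.0.113.10 is a separate address on the primary used only for monitoring, and ether1 is the backup's interface on that segment.

```routeros
# Added example (not from the thread): Netwatch-driven takeover of the primary's
# IPsec peer address, run on the BACKUP central router. RouterOS 6.4x syntax
# assumed; all addresses, interface and script names below are placeholders.

# --- paste into the terminal: the Netwatch entry on the backup router ---
# Watch an address the backup will NOT take over. If Netwatch pinged
# 203.0.113.1 itself, the ping would be answered locally the moment the backup
# added that address, and the up-script would fire immediately.
/tool netwatch add host=203.0.113.10 interval=5s timeout=1s comment="HQ primary" \
    down-script="/system script run ipsec-takeover" \
    up-script="/system script run ipsec-release"

# --- source of /system script "ipsec-takeover" ---
:local addr "203.0.113.1/24"
:local iface "ether1"
# the :if guard keeps the script idempotent; Netwatch may fire it more than once
:if ([:len [/ip address find address=$addr interface=$iface]] = 0) do={
    /ip address add address=$addr interface=$iface comment="IPsec takeover"
    # drop SAs left from before the switch so the branches renegotiate with this router
    /ip ipsec installed-sa flush
    :log warning "primary unreachable: took over $addr for IPsec peers"
}

# --- source of /system script "ipsec-release" ---
:local addr "203.0.113.1/24"
:local iface "ether1"
:if ([:len [/ip address find address=$addr interface=$iface]] > 0) do={
    /ip address remove [find address=$addr interface=$iface]
    /ip ipsec installed-sa flush
    :log info "primary reachable again: released $addr"
}
```

The takeover only moves the address; the IPsec peers, policies, proposals and firewall rules for every branch must already exist on the backup router, which is exactly the sync problem raised in this post. Expect a short gap rather than a seamless switch: the branch side and the switch in between keep the primary's MAC in their ARP caches until the entry ages out or the new owner is heard from.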
Hello,
I use scripts to keep configs in sync between two routers which share VRRP IPs for IPsec tunnels. I make changes only on the primary router and use something like:
/ip firewall address-list export file=EXPORT.FW_Lists
to export some settings to a file.
Then, on the secondary router(s), you can use something like:
/tool fetch mode=tftp address=MAIN_ROUTER_IP src-path=EXPORT.FW_Lists.rsc
/ip firewall address-list export file="PreIMPORT.$[/system identity get name].FW_Lists_BK"
/ip firewall address-list remove [find]
/import file=EXPORT.FW_Lists.rsc
/file remove EXPORT.FW_Lists.rsc
This makes keeping configs in sync a lot less troublesome.
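A complete version of the five-step sync from this post, as an added example (RouterOS script, not the poster's code). It wraps the fetch, backup, remove, import and cleanup in one script meant for the secondary router's scheduler, and adds the check a practitioner would want: if the transfer fails or produces an empty file, the live address-lists are left alone instead of being wiped. Assumed and placeholder: RouterOS 6.4x syntax, the main router's LAN address 192.0.2.1 with its FTP service enabled, a dedicated transfer account "sync", the script name import-fw-lists, and an export on the main router named EXPORT.FW_Lists as in the post. FTP with an account is used instead of the post's TFTP because TFTP has no authentication; both are cleartext, so keep the transfer on the management segment.

```routeros
# Added example (not from the thread): scheduled address-list sync on the
# SECONDARY router. RouterOS 6.4x syntax assumed; addresses, account and
# script names are placeholders.
#
# Scheduler entries (paste into the terminal):
#   on the main router:
#     /system scheduler add name=export-fw-lists interval=5m \
#         on-event="/ip firewall address-list export file=EXPORT.FW_Lists"
#   on the secondary router:
#     /system scheduler add name=import-fw-lists interval=5m on-event=import-fw-lists
#
# --- source of /system script "import-fw-lists" on the secondary router ---
:local src "EXPORT.FW_Lists.rsc"
:local bak ("PreIMPORT." . [/system identity get name] . ".FW_Lists_BK")

# Start clean so a stale copy from an earlier run is never mistaken for a fresh one
:if ([:len [/file find name=$src]] > 0) do={ /file remove [find name=$src] }

# Pull the export from the main router; a failed fetch aborts before anything is touched
:do {
    /tool fetch mode=ftp address=192.0.2.1 user=sync password=CHANGEME \
        src-path=$src dst-path=$src
} on-error={
    :log error "fw-lists sync: fetch from main router failed, keeping current lists"
    :error "fetch failed"
}
:delay 1s

# Refuse to wipe the live lists if the transfer produced nothing usable
:if ([:len [/file find name=$src]] = 0) do={
    :log error "fw-lists sync: export file not found after fetch, aborting"
    :error "no export file"
}
:if ([/file get [find name=$src] size] < 64) do={
    :log error "fw-lists sync: export file is suspiciously small, aborting"
    :error "bad export file"
}

# Keep a local copy of what is about to be replaced
/ip firewall address-list export file=$bak

# Replace the lists with the main router's version
/ip firewall address-list remove [find]
/import file-name=$src

/file remove [find name=$src]
:log info "fw-lists sync: address lists imported from main router"
```

The size threshold is deliberately low; it only catches an empty or truncated transfer, not a bad export, so the PreIMPORT backup is still the thing to import back if a sync ever goes wrong. The same pattern works for other submenus (for example /ip ipsec peer or /ip firewall filter) by changing the export and remove commands, which is one way to avoid editing the failover script each time a branch is added.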