I need to set up an IPsec VPN between a customer and their cloud service provider. The customer has two ISP’s configured on their MikroTik, both connecting to the single endpoint at the cloud provider. I initially tried to set up two tunnels with no success - I couldn’t make one tunnel the primary.
Since gaining access to these forums I’ve seen solutions with scripting, route weight or preference, and a couple other strategies. Is there a preferred, “official” way to accomplish this?
Looking at what exactly? It’s not clear whether it is a bare IPsec with traffic matching by policies or whether the IPsec is used to encrypt an IPIP or GRE tunnel so you can use normal routing, nor is it clear whether the settings at the cloud provider side allow both tunnels to be up simultaneously or whether only one can run at a time as the cloud provider side sends the “initial contact” flag, meaning that the client will drop the previous connection once a new one to the same remote IP gets established, or possibly because the cloud provider side doesn’t accept two IPsec control sessions with same credentials…
The list of questions above also explains why there is no “official way” - there are so many variables that you have to tailor the solution to each particular case.