
Interface-based VPN routing? I.e., select source interface

Posted: Fri Jan 06, 2017 6:39 pm
by syadnom
I'm looking for an elegant way to have 2x L2TP or PPTP tunnels sourced from different WAN interfaces for the purpose of redundant links.

I'm currently adding routes to 2 IP addresses on my remote side via each interface's gateway, i.e.:

wan1 10.0.0.16 gw 10.0.0.1
wan2 10.10.0.16 gw 10.10.0.1

The remote CCR for VPN termination requires 2 addresses to do this:
10.50.0.1
10.50.0.2

route dst 10.50.0.1 via 10.0.0.1
route dst 10.50.0.2 via 10.10.0.1

The problem here is that one or both of the WANs can be DHCP, so it needs a script to find the individual gateways.

I can't do EoIP, which does handle the source address interface routing (apparently), because I need to penetrate NAT. L2TP is ideal, PPTP is a second best.

It does need to be a full tunnel interface because I use IPsec and BFD on the interface to do rapid failover and automatic routing.