Multi-site VPN with redundant routing?

Sat Aug 03, 2019 1:25 pm

We have 3 sites. Currently they're all connected to each other with IPsec VPNs. Recently we had a problem where for some reason Site 2's packets to Site 1 were never arriving, so the VPN between 1 and 2 went down, but 1-3 and 3-2 were still up, so in theory if the routing was in place to support it we could still reach Site 2 via 3 from 1 (and I did that to diagnose the issue via SSH tunnels from systems in 3). Eventually that particular issue went away and the VPN came back up, but I'd like to make our VPNs more resilient if possible so that if only one route is down, we can route around the "long way" automatically - but still use the shortest path when it's available.

