Community discussions

MikroTik App
 
None5466
just joined
Topic Author
Posts: 2
Joined: Mon Jun 27, 2022 12:50 pm

GRE-IPSec failover

Mon Jun 27, 2022 1:16 pm

Hello there,
I've got two offices and these are connected via GRE IPSec + OSPF. Both have failover channels + script which controls switching to failover and back to main.
Everything works fine until Failover comes in. Connections interruptions are quite common.
So I want some kind of redundant GRE-tunnel, but which will be up only if failover switch will be performed. Is there some kind of easy way to achieve this?
Screenshot from 2022-06-27 13-04-10.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: GRE-IPSec failover

Mon Jun 27, 2022 1:56 pm

GRE + Bonding "active/backup" failover?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: GRE-IPSec failover

Mon Jun 27, 2022 3:26 pm

Is there some kind of easy way to achieve this?
I am afraid that if you already have OSPF up and running, it is the easiest way to handle failover, I'm just suprised you need scripts in addition to it.

Is NAT in use on the routers? It can be the cause of problems when one of the WANs goes down.

When talking about activating the backup tunnel only when the primary one goes down, are you concerned about keepalive traffic or there is another motivation?

GRE + Bonding
Bonding only works with L2 interfaces, so you can bond together EoIP ("ethernet over GRE") tunnels but not "GRE" ("IP over GRE") ones.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: GRE-IPSec failover

Mon Jun 27, 2022 6:33 pm

Oh... :shock: yes... too many EoIP used :lol:
 
None5466
just joined
Topic Author
Posts: 2
Joined: Mon Jun 27, 2022 12:50 pm

Re: GRE-IPSec failover

Tue Jun 28, 2022 2:32 pm

Is NAT in use on the routers? It can be the cause of problems when one of the WANs goes down.
Yep. LAN on both ends are beyond NAT.
When talking about activating the backup tunnel only when the primary one goes down, are you concerned about keepalive traffic or there is another motivation?
There are some resource that LAN2 uses from LAN1.

When I tried to duplicate tunnels, nothing worked for me when changing the address, namely, the backup tunnel did not rise. Today I will try again to conduct a small experiment and I will write according to the results.

Who is online

Users browsing this forum: Ahrefs [Bot], Egate, RobertsN, TheCat12 and 99 guests