LAN client load balancing while binding IPSec to its own load balancing groups

Hi — I have 3 WANs and clients are round-robin’d through the connections via load-balancer.


I also use several IPSec tunnels to connect to remote networks, each bound to a specific interface via dhcp-interface. The problem with this is that when/if one of these interfaces goes down, the tunnel goes down. If I use local-address any, then it round robins the connections.

How can I achieve something like:

IPSec tunnel 1 - WAN2 first, WAN1 backup
IPSec tunnel 2 - WAN3 first, WAN1 backup
All clients round robin’d through all 3 WANs for all other NAT connections.

With pfSense, for example, I can achieve this by creating various “gateway groups” and binding the IPSec tunnels to the different groups.
Thank you.