We’re in the planning phase to try and move from WatchGuard to VyOS or pfSense. So I’m building a list of features we use all the time, and basic things we set up and don’t even think about, to test with VyOS before considering it an option. While I think most of the features are a no-brainer, I think I found an option that isn’t workable in VyOS.
In our IPSEC tunnels for WatchGuard, both Policy-based and Virtual Interface/Routing-based, I can specify multiple gateways (so WAN1 to remote, then WAN2 to remote) for failover service. But in VyOS you specify which interface the Peer Tunnel is to use. Is there a way to allow WAN failover?
And if I think about it more, also multiple remotes? For a couple clients, they might have multiple sites, and each site has 2 ISPs. So the IKE/Phase 1 gateway list might look like:
- Local WAN1 to Remote WAN1
- Local WAN2 to Remote WAN1
- Local WAN1 to Remote WAN2
- Local WAN2 to Remote WAN2
Is that possible as well?