Sorry the last image was so sparse, here’s more of what I’m trying to do. Right now we use Watchguard everywhere, and it’s been great. But I have the opportunity to replace a few units coming up, so I’m running a couple labs to verify I have the same features needed. Mostly basic NAT, routing, port forwarding, but the VPN failing over with multiple gateways is highly used for almost all my clients.
Recently we setup a new AWS tunnel with a new third-party group and the config they sent me was 2 different tunnels setup using metric 1 for the first tunnel and metric 2 for the second tunnel, using the same routing/endpoint. That setup might be an option if that’s how we have to do things. But I’m used to how Watchguard does it, with multiple gateways for a single tunnel.
I just got the Local VyOS online with public routing information, so I will be doing more in depth testing soon, I can try to give you attempted configurations soon.