Redundant VPN tunnel with Azure

Hi team,

I have vyos 1.2.8 and with two ISPs and need to configure the redundant VPN tunnel with Azure. I am referring this article Route-Based Redundant Site-to-Site VPN to Azure (BGP over IKEv2/IPsec) — VyOS 1.4.x (sagitta) documentation however it shows one interface at vyos and if I refer this will it work for two interfaces at vyos?

Do I just need to use other different authentication id and enable ipsec on eth1 as well if I have ISPs configured on eth0 and eth1?

add 2 /32 routes, so traffic to ipsec peer addresses ( and in example) will use gateway of WAN1 / WAN2 respectively.
And enable ipsec on both wan interfaces, instead of only eth0 in example
Both authentication id and local-address should specify vyos WAN IP used for the tunnel.

Why does example use for local-address ?? I’d use vyos WAN IP

So in this case I am not sure if I can use ECMP?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.