Not sure if this question has already been asked before, but I didn't find what I was looking for. I am planning to set up a VyOS router as my VPN device, and it will have 2 Internet links.
The other peer will have 2 ISPs as well, so my question is: can I create a backup VPN, so that if one of the links fails it can fail over to the other VPN tunnel? I have set up an IPsec VPN with one IP, but I am not sure how to configure a backup VPN so that if one link fails, traffic will automatically be failed over to the other link. Here is my setup:
Site A
Local Prefix = 10.10.10.0/24
VyOS = 10.10.10.1
ISP A = 1.1.1.1
ISP B = 2.2.2.2
###################
Site B
Remote Prefix = 192.168.35.0/24
ISP A = 1.1.1.2
ISP B = 2.2.2.3
The tunnel is configured between 1.1.1.1 <==> 1.1.1.2, but how can there be automatic failover between 2.2.2.2 & 2.2.2.3?
You could pin down another tunnel between 2.2.2.2 and 2.2.2.3 and use some sort of routing protocol to choose the most appropriate path.
You could also try using static route preference: say, put the backup route with preference 100, so that if the primary route is not available the traffic will be switched over to the backup route.
On site A: add routes to pin each tunnel to an interface
1.1.1.2/32 -> use GW1
2.2.2.3/32 -> use GW2
Create 2 VTI IPsec tunnels.
1: local=1.1.1.1 remote=1.1.1.2 ip=10.255.255.1/30
2: local=2.2.2.2 remote=2.2.2.3 ip=10.255.255.5/30
Enable a routing protocol like OSPF, do similar on site B, and you have redundant tunnels.