VPN Backup Peer?
Is there any way to specify a backup peer on the 707? I really wish we could just have virtual tunnel interface route-based VPNs, but it appears we're stuck with policy-based. Specifically, I have a tunnel to an AWS site-to-site VPN and would like to be able to set up a backup peer address for the secondary peer in AWS. With Cisco ASAs I remember being able to configure a backup peer, but I can't find any way to do it with TP-Link. Is there any concept to do something like this, or is it always just stuck to a single peer configuration?
@pdava17752453 AFAIK Omada has only old-fashioned IPSec, so no interfaces. It does however support IPSec tunnel groups, where IPSec connections can fail over to a backup tunnel. So if the primary tunnel fails it will connect a fail-over tunnel, and optionally fail back to the primary. But it isn't seamless; you wait the DPD time before failover, say 15-20 seconds.
Modern routers support Virtual Tunnel Interfaces (VTI) which effectively enable routing over IPSec rather than just policy. Needless to say, Omada does not support VTI 😭 You might do better to use WireGuard, which Omada supports and is interface based, so you can have prioritized routing tables for backup routes. That means packet-by-packet seamless failover.
@whereisaaron I was trying to figure out that failover policy page. I suspect it might only be available for managed connections between two TP-Link devices? It just tells me no connections are available for a failover group, and there is no way to add another connection due to the overlap warning, so all I can think of is that the feature might be reserved for automatic type connections.
@pdava17752453 there is supposed to be new firmware coming with SD-VPN easy VPN between sites. However, this should work as per this documentation:
https://www.tp-link.com/au/support/faq/3575/
Note that the secondary tunnel is in responder mode, as (I think) it is only changed to initiate during failover.
WireGuard may not be an alternative yet either, sorry:
https://community.tp-link.com/en/business/forum/topic/665364