IPsec failover issue

Hi Guys,

I have a situation as below:

Primary WAN: PPPoE
Secondary WAN: LTE
Services running: IPsec VPN

I bring LTE down when PPPoE is up, and vice versa, using the hotplug.d scripts below:

LTE off script:

#!/bin/sh
# Runs from /etc/hotplug.d/iface: only act when the "wan" (PPPoE) interface comes up.
[ "$ACTION" = "ifup" ] || exit 0
if [ "$INTERFACE" = "wan" ]; then
    ifdown mob1s1a1                 # take the LTE interface down
    /etc/init.d/ipsec restart       # re-establish the tunnel on the PPPoE address
    echo "$(date -u) DSL is UP, shutting down LTE" >> /root/interface.log
fi

LTE On script:

#!/bin/sh
# Runs from /etc/hotplug.d/iface: only act when the "wan" (PPPoE) interface goes down.
[ "$ACTION" = "ifdown" ] || exit 0
if [ "$INTERFACE" = "wan" ]; then
    ifup mob1s1a1                   # bring the LTE interface up as backup
    echo "$(date -u) LTE is UP due to DSL down" >> /root/interface.log
fi

What is the problem?

When PPPoE is on, LTE goes off, and the VPN is working fine.

When PPPoE disconnects, LTE kicks on, the VPN shifts to the LTE IP and is working fine.

When I plug PPPoE back in, LTE goes off, the VPN connects to the PPPoE IP BUT I AM UNABLE TO PING.

What do I do to resolve it?

/etc/init.d/firewall restart.

When I restart the firewall the VPN is back. Do you have any idea what I have to modify in the firewall settings, or any other settings? I already tried restarting the firewall from the same hotplug script that brings LTE up and down, but it didn't help.

When I restart the firewall I get the message below:
kern.notice ip_blockd re-inserting iptables…

Hello,

Is my understanding correct that you are using your own script for failover? If so, could you please clarify why? Teltonika Networks devices have built-in failover functionality. Failover information is available here.

I would suggest trying the failover functionality. If the issue persists, I would suggest checking the IPSec status to see what IP addresses are used after the failover is triggered. To view IPSec status and logs, you can use the following commands, respectively:

ipsec statusall
logread | grep ipsec

Kind Regards,
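As an added example (not from the original post or the reply above), a POSIX sh check of the kind the reply suggests: it parses `ipsec statusall` output to see which local address the established IKE_SAs are bound to and compares it with the address of the WAN that should be active after failover. The `ipsec statusall` text, SA name, addresses and `WAN_IP` are constructed; on a live router the WAN address would be read from the interface instead of being hard-coded.

```shell
#!/bin/sh
# Added example: detect an IPsec SA that is still bound to the previous WAN
# address after a failover, using strongSwan's 'ipsec statusall' output.

# Constructed sample of 'ipsec statusall' output: one established SA that still
# carries the old LTE address (192.0.2.77) although PPPoE (198.51.100.5) is back.
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
   site2site[3]: ESTABLISHED 5 minutes ago, 192.0.2.77[192.0.2.77]...203.0.113.10[203.0.113.10]
   site2site[3]: IKEv2 SPIs: 0123456789abcdef_i* fedcba9876543210_r, rekeying in 2 hours
   site2site{5}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0a80001_i c0a80002_o
   site2site{5}:   10.10.0.0/24 === 10.20.0.0/24'

# Print the local IP of every ESTABLISHED IKE_SA, one per line.
# strongSwan line format: "name[id]: ESTABLISHED <age>, LOCAL[localid]...REMOTE[remoteid]"
sa_local_ips() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*[^:]*: ESTABLISHED .*, \([0-9.]*\)\[.*/\1/p'
}

# Returns 0 if every established IKE_SA is bound to the expected WAN address,
# 1 if at least one SA is on another address (stale SA after failover),
# 2 if no IKE_SA is established at all.
check_sa_binding() {
    status="$1"; expected="$2"
    ips=$(sa_local_ips "$status")
    [ -n "$ips" ] || return 2
    for ip in $ips; do
        [ "$ip" = "$expected" ] || return 1
    done
    return 0
}

# Hotplug-style usage. WAN_IP is hard-coded for this offline demo; on RutOS/OpenWrt
# it would be taken from the live interface (assumed: 'ubus call network.interface.wan status').
WAN_IP="198.51.100.5"
rc=0
check_sa_binding "$SAMPLE_STATUS" "$WAN_IP" || rc=$?
case $rc in
    0) echo "$(date -u) IPsec bound to $WAN_IP, nothing to do" ;;
    1) echo "$(date -u) IPsec SA still on a stale address, would run: /etc/init.d/ipsec restart" ;;
    2) echo "$(date -u) no IKE_SA established, check 'logread | grep ipsec'" ;;
esac
```

Run from the hotplug script after the interface change (with a short delay so the SA has time to come up) and log the result to the same file as the existing scripts to correlate the VPN state with the interface events.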