-
If ClearOS is working properly with Dynamic DNS, it can failover the IPSec to the secondary IP address if and ONLY IF your IPSec is compatible with using hostnames for its IPSec tunnel...on both sides. You can test if the hostname failover is working with a simple ping from a hotspot or 3rd party by pinging the hostname. This should change when the first ISP goes down based on a 5 minute TTL for the hostname.
Sadly, most IPSec services only allow for IP addresses and not hostnames.
Long ago I made a simple script to kick OpenVPN if a ping across the tunnel isn't working. This could be adapted to IPSec as well.
https://documentation.clearos.com/content:en_us:kb_o_openvpn_connection_script
-Dave Loper
Community Member -