Support for Routed Tunnels
We would like to create a “routed tunnel” connection from the gateway to a customer firewall. With a routed tunnel the Phase2 network is just 0.0.0.0/0, and then routes can be configured to assign traffic to be sent over the tunnel.
This would also allow for:
- Tunnel Aggregation - Two routed tunnels could be configured to different interfaces of the same customer firewall. Routes for some networks could be assigned to one tunnel, and routes for other networks could be assigned to the other tunnel. In this way, both tunnels could share the traffic load.
- Tunnel Failover - Currently Timus IPSec tunnels do not support multiple remote gateways for failover purposes. Two routed tunnels could be configured to different interfaces of the same customer firewall. Two routes for the same network could be added, one assigned to each tunnel. While it is expected that only one route would be active, if the tunnel dropped and the active route was disabled, the second route could rapidly begin assigning traffic to the remaining tunnel.
- Simplified Tunnel Configuration - When configuring a tunnel, there are tunnels needed for every local and remote network pair. So if there are two subnets in the Timus Gateway, and 10 subnets reachable over the tunnel, 20 Security Associations must be built. It appears that Timus allows you to easily add multiple local and remote networks in the same policy, but other firewalls may require that every SA pair be added individually. It is easier for them to support a routed tunnel where they can just add the two destination network routes over the tunnel.
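The selector count and the route-based failover described in this request, modelled as an added example (not part of the original post and not Timus code). The tunnel names, addresses and metrics are constructed, and longest-prefix-then-lowest-metric selection is assumed as ordinary routing behaviour, not documented Timus behaviour.

```python
import ipaddress
from itertools import product

def policy_selectors(local_nets, remote_nets):
    """Policy-based IPsec: one Phase 2 selector pair per local/remote network pair."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(local_nets, remote_nets)]

class RouteTable:
    """Routes over routed tunnels whose Phase 2 selector is 0.0.0.0/0."""
    def __init__(self):
        self.routes = []   # (network, tunnel name, metric)
        self.up = {}       # tunnel name -> True while the tunnel is established

    def add(self, network, tunnel, metric=10):
        self.routes.append((ipaddress.ip_network(network), tunnel, metric))
        self.up.setdefault(tunnel, True)

    def set_tunnel(self, tunnel, is_up):
        self.up[tunnel] = is_up

    def lookup(self, dst):
        """Longest prefix wins, then lowest metric; routes on a down tunnel are skipped."""
        addr = ipaddress.ip_address(dst)
        live = [r for r in self.routes if addr in r[0] and self.up[r[1]]]
        if not live:
            return None    # no usable route: traffic for dst is not tunnelled
        return min(live, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def demo():
    table = RouteTable()
    # Aggregation: different networks pinned to different tunnels (constructed values).
    table.add("10.1.0.0/16", "tun-a")
    table.add("10.2.0.0/16", "tun-b")
    # Failover: the same network routed over both tunnels, tun-a preferred by metric.
    table.add("10.3.0.0/16", "tun-a", metric=10)
    table.add("10.3.0.0/16", "tun-b", metric=20)
    before = table.lookup("10.3.4.5")
    table.set_tunnel("tun-a", False)      # tun-a drops
    after = table.lookup("10.3.4.5")
    # 10.1.0.0/16 has only one route, so it is unreachable while tun-a is down.
    return before, after, table.lookup("10.1.0.9")

if __name__ == "__main__":
    print(demo())
```

Networks that have a route on only one tunnel lose connectivity when that tunnel drops, so a failover design needs a second route for every network that must stay reachable.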
Comments
4 comments
Thanks for your suggestions. We are happy to share that Support for Routed Tunnels has been accepted for the 2026 roadmap. We’ll post updates here as development gets moving.
This would be a great feature to see added, especially as multi-WAN connection options are becoming readily available.
This feature is very much needed! Particularly the Tunnel Failover ability that routed tunnels would enable. Otherwise it doesn't appear to be possible to create the resilience expected in many of our environments.
Are there any updates on this? With the planned implementation of support for IPSec tunnel failover, is any change for routing support being considered?