IPSec VPN failover in OpenWrt

I have two WAN connections on my OpenWrt router: WAN1 has metric 1 and WAN2 has metric 2. I have also configured mwan3 on the router, and it is working fine. I have created an IPsec VPN from the OpenWrt router to a FortiGate firewall; it is established and working fine. The problem is that when WAN1 goes down, the IPsec VPN does not shift to WAN2 — I think this is because it follows the kernel routing table and keeps trying to establish the VPN through WAN1. When I manually bring WAN1 down with the `ifdown WAN1` command, the IPsec VPN does get established.

Below are the related files.

cat /etc/ipsec.conf
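# Site-to-site tunnel from the OpenWrt router (initiator, "left") to the
# FortiGate (responder, "right"). left=%any leaves the local address open, so
# charon resolves it from the routing table each time it (re)negotiates.
conn vpn1
    left=%any
    right=13.235.10.40
    leftsubnet=192.168.18.0/24
    rightsubnet=172.16.1.0/24
    leftfirewall=yes
    rightfirewall=no
    ikelifetime=24h
    lifetime=24h
    margintime=9m
    # Retry indefinitely. With keyingtries=3 charon gives up after three failed
    # attempts on a dead path and the conn stays down until someone restarts it.
    keyingtries=%forever
    # Dead peer detection. With dpdaction=none an unreachable peer is not
    # detected until the next rekey/reauth (23 h away per `ipsec statusall`),
    # so a WAN1 failure that leaves the link up is never acted on.
    dpdaction=restart
    dpddelay=30s
    # Re-establish if the remote side deletes the SA.
    closeaction=restart
    # NOTE(review): on restart charon re-resolves left=%any from the routing
    # table again. If mwan3 marks 'wan' down but leaves its default route in
    # the main table (consistent with the symptom that only `ifdown` moves the
    # tunnel), the retry is still sourced from WAN1; the route must also go
    # away, e.g. from a hook on mwan3's disconnected event. TODO confirm.
    leftauth=psk
    rightauth=psk
    auto=start
    forceencaps=no
    keyexchange=ikev2
    # NOTE(review): modp1536 (DH group 5) is below current key-exchange
    # guidance; move both ends to modp2048 or an ECP group once the FortiGate
    # side can be changed, since proposals must match on both peers.
    esp=aes256-sha256-modp1536
    ike=aes256-sha256-modp1536
    type=tunnel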
cat /etc/config/mwan3
# mwan3 global settings.
config globals 'globals'
        # Firewall-mark mask mwan3 uses to tag packets with their outgoing interface.
        option mmx_mask '0x3F00'
        # NOTE(review): presumably the interval (s) at which mwan3 re-checks the
        # routing table for changes — verify against the mwan3 docs for this version.
        option rtmon_interval '5'
        option mode 'mwan'

# Members pair an interface with a metric (priority) and a weight. Both
# weights are 1 and the metrics differ, so this is pure failover: 'sim'
# carries traffic only while 'wan' (metric 1) is marked down.
config member 'wan_mem'
        option interface 'wan'
        option metric '1'
        option weight '1'

config member 'sim_mem'
        option interface 'sim'
        option metric '2'
        option weight '1'

# Health tracking for the primary WAN. Every 'interval' seconds a check sends
# 'count' pings of 'size' bytes to each track_ip; the check passes when at
# least 'reliability' targets answer within 'timeout' seconds. The interface
# is marked down after 'down' consecutive failed checks and up again after
# 'up' consecutive good ones; 'initial_state offline' treats it as down until
# the tracker has confirmed it.
config interface 'wan'
        option enabled '1'
        option family 'ipv4'
        option track_method 'ping'
        option reliability '1'
        option max_ttl '60'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option up '1'
        option initial_state 'offline'
        option size '8'
        option count '1'
        option down '3'
        # NOTE(review): a single target, shared by both WANs, means a problem
        # at that host (or ICMP being filtered on one path) marks the link
        # down; two or more targets with a matching 'reliability' is sturdier.
        list track_ip '8.8.8.8'
        # Flush connection tracking on these events so existing flows are
        # re-evaluated against the new policy.
        list flush_conntrack 'ifup'
        list flush_conntrack 'ifdown'

# Same tracker settings for the 3G backup, but it tolerates 5 failed checks
# (vs. 3 for 'wan') before being marked down.
config interface 'sim'
        option enabled '1'
        option family 'ipv4'
        option track_method 'ping'
        option reliability '1'
        option max_ttl '60'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option up '1'
        option initial_state 'offline'
        option size '8'
        option count '1'
        option down '5'
        list track_ip '8.8.8.8'
        list flush_conntrack 'ifup'
        list flush_conntrack 'ifdown'

# Failover policy: lowest-metric member that is up wins. With 'last_resort
# unreachable', traffic gets ICMP unreachable when no member is up instead
# of falling through to the main routing table.
config policy 'wan_aggregation'
        list use_member 'wan_mem'
        list use_member 'sim_mem'
        option last_resort 'unreachable'

# All traffic (proto all), including — as far as I can tell — the router's
# own IKE/ESP packets to 13.235.10.40, is steered by this rule. mwan3 picks
# the outgoing interface via fwmark, but strongSwan chooses the *source
# address* from the main routing table, so the two can disagree once 'wan'
# is marked down while its link and default route remain up — TODO confirm
# with `ip route get 13.235.10.40` during a failure. sticky '0' means a
# source IP is not pinned to the interface it last used.
config rule 'default_rule'
        option sticky '0'
        option use_policy 'wan_aggregation'
        option proto 'all'
cat /etc/config/network
# Loopback.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# LAN bridge on VLAN 1; 192.168.18.0/24 is the leftsubnet of the IPsec conn.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.18.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# Primary WAN (WAN1) on VLAN 2. Its DHCP-learned default route lands in the
# main routing table with metric 1.
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option metric '1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1: ports 0-2 (LAN) plus port 6 tagged (usually the CPU port).
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '6t 0 1 2'

# VLAN 2: port 4 (WAN1).
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 4'
        option vid '2'

# Secondary WAN (WAN2) over the 3G modem. defaultroute '0' stops the 3g
# protocol handler from installing its own default route; the static
# 'config route' at the end supplies one at metric 2 instead.
# NOTE(review): ipv6 'auto' is enabled here while mwan3 tracks family
# 'ipv4' only — confirm that is intended.
config interface 'sim'
        option delegate '0'
        option proto '3g'
        option ipv6 'auto'
        option device '/dev/ttyUSB1'
        option service 'umts'
        option dialnumber '*99#'
        option sim1apn 'airtelgprs.com'
        option sim2apn 'airtelgprs.com'
        option apn 'airtelgprs.com'
        option defaultroute '0'

# VLAN 3 on port 3 is not referenced by any interface in this listing.
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '6t 3'
        option vid '3'

# Default route via 'sim' at metric 2. Together with the 'wan' route the main
# table always holds two defaults and prefers 'wan' while its link is up. As
# far as I can tell mwan3 marking 'wan' down does not remove the metric-1
# entry; if left=%any is resolved against this table, that would explain why
# only `ifdown wan` moves the tunnel. TODO confirm with `ip route show`
# during a failure.
config route
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option interface 'sim'
        option metric '2'

ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.2, Linux 4.14.241, mips):
  uptime: 5 minutes, since Apr 05 17:20:05 2022
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 pubkey gmp xcbc hmac kernel-netlink socket-default stroke updown
Listening IP addresses:
  192.168.18.1
  192.168.100.115
  10.128.114.102
Connections:
        vpn1:  %any...13.235.10.40  IKEv2
        vpn1:   local:  uses pre-shared key authentication
        vpn1:   remote: [13.235.10.40] uses pre-shared key authentication
        vpn1:   child:  192.168.18.0/24 === 172.16.1.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
        vpn1[1]: ESTABLISHED 5 minutes ago, 10.128.114.102[10.128.114.102]...13.235.10.40[13.235.10.40]
        vpn1[1]: IKEv2 SPIs: 0bdf45855d0b1edb_i* caf70b1cb9b5448a_r, pre-shared key reauthentication in 23 hours
        vpn1[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
        vpn1{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c46d9bc7_i 52b2a38a_o
        vpn1{1}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 11424 bytes_o (136 pkts, 191s ago), rekeying in 23 hours
        vpn1{1}:   192.168.18.0/24 === 172.16.1.0/24

Please help.

A couple of things to try:

  1. Add `connected` and `disconnected` to the `flush_conntrack` list.
  2. Bind the IPsec tunnel to the LAN interface rather than the WAN.

Neither method worked.