Failover (two internet links) and point-to-point VPN
-
The pfSense version of the server is 2.3.4.
I configured peer-to-peer VPN. It's working fine. It was necessary to place a second network card on the server and have two internet links. Failover was configured on the server (if link 1 is off, link 2 keeps the internet working), but if link 1 is off, the VPN does not work. How to configure the VPN to work with both internet links?
-
@jucelio_rosa
Why didn't you upgrade your pfSense version? Are you talking about the server or the client of the VPN?
-
@viragomann
I'm talking about the server. I haven't updated the version on the server, as it hasn't been possible yet. I haven't had a chance to talk about it with my boss yet.
-
@jucelio_rosa
So if it is the server, the client has to connect to a different IP after failover. You can easily achieve this by a second remote line in the client config file.
However, there is no possibility to prefer a certain one as far as I know. The client tries the first one, and if it fails it tries the next one. If it is connected to the second it will not fail back to the primary if it is online again till the connection fails.
On the server you can just forward the OpenVPN from the second WAN to the IP which your server is listening on.
-
@viragomann
Can you explain it to me step by step? On the client I put the line in the custom options field: remote 192.168.1.15 (server ip) 1197 udp;
-
@jucelio_rosa
Just open the client config file, copy the remote line and change the server IP to your second WAN. If you just forward the traffic from the second WAN to the primary, port and protocol are equal. It has this format:
remote <server IP> <server port> <protocol>
If you use the client export utility you can also add the second line there in the advanced options box. So it will be included in future exports.
-
@viragomann
On the client's screen (graphic screen) I put in the custom options field: remote 192.168.1.15 (server ip) 1197 udp;
But it still doesn't work. When the backup link is enabled, the VPN does not work.
Would I have to make other settings on the server?
-
@jucelio_rosa said in Failover (two internet links) and point-to-point VPN:
On the client's screen (graphic screen) I put in the custom options field: remote 192.168.1.15 (server ip) 1197 udp;
A private IP?
I'd assume that the client has to access a public IP to reach the server.