Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple matching SAs - IPsec 'failover'?

    IPsec
    1
    1
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      ktims
      last edited by

      So I've got a situation where a client wants to set up a VPN for VoIP to a satellite office a block or so away. At the main office, they're already using dual-WAN failover in pfSense. At the satellite I've got pfSense up and running with an SA to the primary WAN at the main office.

      What I'm wondering is if I set up a matching SA to the other WAN IP at the main office, will pfSense detect if one of the WANs goes down and switch to the other SA? That is of course assuming I can create the two SAs at the same time to begin with.

      Dual WAN at the satellite isn't an option right now, but I would like to be able to handle the primary WAN at the main office going down, as all 3 WAN connections are on different ISPs, the satellite isn't likely to be taken out by an outage that would take out the primary WAN connection. I am curious though if a similar setup would work, but with 4 SAs at each side to handle any single link failure at each site.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.