Symmetric setup with two houses
-
Hi everybody
I'm trying to install the following network, between my house and my brother's. There is only one ethernet cable in between.
Both houses have a WAN connection, with a different provider. So here we go:
House A:
Router PFSENSE
WAN Provider 1
LAN A (192.168.10.X for instance)
OPT1 interconnection
Uses Provider 1 by default and Provider 2 in case of failure.
Can access LAN B and can be accessed from LAN B
House B:
Router PFSENSE
WAN Provider 2
LAN B (192.168.20.X for instance)
OPT1 interconnection
Uses Provider 2 by default and Provider 1 in case of failure.
Can access LAN A and can be accessed from LAN A
What I don't get is how to set up the interconnection port, with the appropriate firewall rules.
I've searched quite a lot but didn't find the solution. If the answer is somewhere on this forum in a place you know, please be kind enough to point it out.
Cheers !

 -
Use VLAN with a managed switch at both sites. Some switch recommendations http://forum.pfsense.org/index.php/topic,36749.0.html
-
Thanks Perry for your advice. :) I've also been told this earlier, but managed switches cost something.
Isn't it possible to do this directly with routing or vlan capabilities of pfsense ?
I already have 2 "Openbrick E" small computers with 3 ethernet ports each that cost me almost nothing, and if I can avoid buying more equipment I wouldn't mind.
Yeah, I know, I'm not only ignorant, I'm also poor… :)
-
I'm not 100% sure since I have never done it, but you might be able to set up a LAN-to-LAN IPsec tunnel over the OPT1 (aka interconnect) interface. This would give you the benefit of hitting house 2 subnet direct from house 1 subnet and vice-versa.
You could then firewall traffic coming out on your end and your brother could firewall traffic coming out on his end.
-
Thanks gollo. It's a good idea, I'll give it a try.
But then, how do I send incoming traffic on OPT1 to WAN? We also need to use each other's WAN in case the primary WAN fails.
-
You have the interconnect for the LANs working, though to have it do dual WAN at the same time you will need to either have another cable (or if you are doing 100mb networking you could use 4 pair for the LAN interconnect and the other 4 pair for the dual WAN) or do VLANs as Perry suggested.
-
I would think you could look into this scenario:
site-to-site OpenVPN between the 2 houses over the WAN connections (do not let it create routes)
on the interconnects you set static IPs on the same subnet on both ends with rules to allow traffic from and to LAN <–> OPTs
figure out how the OSPF package can help you with routing all traffic over interconnects and, if that fails, over WAN (I'm guessing you probably have to mess with metrics)
-
figure out how OSPF package can help you with routing all traffic over interconnects and if fails over WAN
Brilliant idea. I'll try that too.
Once I get a working setup I'll share it here.