Netgate Discussion Forum

    Elaborate dual-WAN set-up with site2site openVPN

      pstokman

      Hi, I have an idea for our pfSense router and was wondering if it's possible and how to configure it. Here goes.

      We have two locations at work, our office and data center. I have two identical pfSense appliances with 6 interfaces. At the office, we have two internet connections, a primary and a fall-back one. The router we have now can successfully switch to the second line whenever the primary fails, but VPN doesn't go with it automatically (limitation of the router software). So we got pfSense instead, which doesn't have this limitation.
      Since the backup internet connection isn't charged extra when used, I would like to have a more advanced configuration with it, using load balancing. The way it works is that we can use it as fail-over as well: whenever one line goes down, it will be removed from the load balancing pool. Easy enough.

      Now it gets interesting. I would like to create a site-to-site connection to the other pfSense router that has only one internet connection at our data center. The office side will be the client, the other the server. I've found http://forum.pfsense.org/index.php?topic=32603.0 for automatic fail-over for OpenVPN when using a fail-over multi-WAN solution. It's a bit odd and it doesn't allow cable pulling to simulate internet failure, which is a bit problematic in case we need to reboot the modem (link will be down for a short time, until the modem initializes its LAN again) and changing/rebooting switches isn't possible either (requires LAN connectivity).
      Sure, once everything is up and running, we won't be pulling those cables often, so I can live with it. But the device rebooting is something that is required sometimes and I would like to avoid downtime of the VPN during such a reboot.

      The thing I'm most interested in is not how to avoid the above scenario, but to combine both internet connections for VPN for higher bandwidth. Is this possible, and how would I configure this? The office side will connect to the VPN server over both WAN connections, but I fear routing issues and inside network conflicts.
      If it's not possible, is there a cleaner solution to the fail-over scenario in the topic I linked? Whenever the primary internet fails, I want the users to not notice it, or as little as possible.

      Let me know if something isn't clear and I'll try to explain it better.
