Netgate Discussion Forum

    IPSEC backup

    Off-Topic & Non-Support Discussion
    4 Posts 3 Posters 1.2k Views
    • A
      abidkhanhk

      Hi there.

      We are using IPsec, which is mostly the main type of VPN for cross-site talk…

      Unfortunately the performance of the IPsec is very bad. I am looking for a way in which we create an OpenVPN backup for the IPsec.

      Say IPsec drops… site B calls site A and then continues working as normal until either site restarts etc.

      Something like a failover WAN, but for IPsec.

      Thanks

      • B
        bennyc

        Looked briefly at the rules (including the floating ones), but didn't find anything useful there to accomplish what you seek.

        You can get a path selection (take route IPsec or route OpenVPN) by getting your route table updated dynamically (done by a routing protocol, OSPF for example).

        No idea if there are other possibilities with pfSense… (This is an interesting one. I'll keep an eye on this thread ;))

        4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
        1x PC Engines APU2C4, 1x PC Engines APU1C4

        • jimpJ
          jimp Rebel Alliance Developer Netgate

          There wouldn't be any way to make that work with IPsec in tunnel mode, because unless you disable the tunnel and make sure the SPDs are gone, then IPsec will still grab the traffic even when the tunnel is down.

          Now if you had IPsec in transport mode + GIF/GRE, and OpenVPN, doing some sort of failover might be possible, similar to multi-wan or using OSPF.

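The behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model (not pfSense or FreeBSD code) in which the security policy lookup runs before the routing table. The addresses, the interface names `gre0` and `ovpn`, and the metrics are constructed assumptions.

```python
"""Simplified model (added example): why a tunnel-mode SPD defeats route failover."""
import ipaddress as ip

def spd_match(spd, src, dst):
    """Return True if any security policy selects this src/dst pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(a) and d in ip.ip_network(b) for a, b in spd)

def best_route(routes, dst):
    """Longest-prefix match over routes whose interface is up; lowest metric breaks ties."""
    d = ip.ip_address(dst)
    live = [r for r in routes if r["up"] and d in ip.ip_network(r["net"])]
    if not live:
        return None
    return min(live, key=lambda r: (-ip.ip_network(r["net"]).prefixlen, r["metric"]))["dev"]

def forward(src, dst, spd, sa_up, routes):
    """Policy lookup comes first: a matching SPD entry owns the packet
    whether or not a security association (SA) currently exists."""
    if spd_match(spd, src, dst):
        return "esp-tunnel" if sa_up else "dropped: SPD matched, no SA"
    return best_route(routes, dst) or "dropped: no route"

# Constructed addressing: site A LAN 10.1.0.0/24, site B LAN 10.2.0.0/24,
# WAN endpoints 198.51.100.1 and 203.0.113.1 (documentation ranges).
LAN_A, LAN_B = "10.1.0.0/24", "10.2.0.0/24"

def tunnel_mode(sa_up):
    """Tunnel mode: the SPD selects LAN-to-LAN traffic; an OpenVPN route exists as backup."""
    spd = [(LAN_A, LAN_B)]
    routes = [{"net": LAN_B, "dev": "ovpn", "metric": 20, "up": True}]
    return forward("10.1.0.10", "10.2.0.10", spd, sa_up, routes)

def transport_gre(gre_up):
    """Transport mode + GRE: the SPD selects only endpoint-to-endpoint traffic, so LAN
    traffic follows the routing table. gre_up stands for what a routing protocol or
    gateway monitor would conclude about the GRE path."""
    spd = [("198.51.100.1/32", "203.0.113.1/32")]
    routes = [{"net": LAN_B, "dev": "gre0", "metric": 10, "up": gre_up},
              {"net": LAN_B, "dev": "ovpn", "metric": 20, "up": True}]
    return forward("10.1.0.10", "10.2.0.10", spd, True, routes)

if __name__ == "__main__":
    print("tunnel mode, SA up:      ", tunnel_mode(True))
    print("tunnel mode, SA down:    ", tunnel_mode(False))
    print("transport+GRE, GRE up:   ", transport_gre(True))
    print("transport+GRE, GRE down: ", transport_gre(False))
```

In the tunnel-mode case the backup route is never consulted because the policy still matches; only in the transport-mode case does the routing decision get a chance to pick the OpenVPN path.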
          • A
            abidkhanhk

            Thanks Benny and Jimp,

            I am gonna see if Jimp's idea is workable. I am looking for a quick solution for the issue. Changing settings in 4 different pfboxes will be a titanic task.

            rgds

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.