Netgate Discussion Forum

    3 sites - routed ipsec - automatic redundant failover routing

      ccb056

      I am running pfsense routers in 3 locations, all with routed ipsec:

      Texas (192.168.11.1/24)
      China (192.168.12.1/24)
      Michigan (192.168.13.1/24)

      Currently each site has a routed ipsec tunnel to the other two.
      Unfortunately, the Great Firewall of China frequently breaks the tunnel between China and Michigan; the two are rarely ever able to ping each other.
      The tunnel between China and Texas is much more reliable.

      I would still like the local sites in China and Michigan to communicate with each other... through Texas if necessary.

      How would I set up pfSense such that when the China-Michigan tunnel drops, but the China-Texas and Texas-Michigan tunnels remain, traffic can flow China-Texas-Michigan through IPsec?

        martintamare

        I think the way to go is:

        • Create routed IPsec with VTI
        • Implement some kind of dynamic routing, with BGP or OSPF, assigning different metrics to your paths.

        Videos on these subjects:
        https://www.youtube.com/watch?v=AKMZ9rNQx7Y
        https://www.youtube.com/watch?v=4IlKcB17rWk

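The failover behaviour the reply suggests, sketched as an added example (not code from either poster or from pfSense): a simplified model of OSPF over the three VTI tunnels, where a tunnel that stops passing hellos is dropped after the dead interval and the shortest-path calculation then routes China to Michigan via Texas. The site names come from the thread; the link costs, timestamps and the 40-second dead interval (the common OSPF default) are assumptions.

```python
import heapq

DEAD_INTERVAL = 40  # seconds; assumed OSPF default (4 x 10 s hello), tunable

CM = frozenset({"China", "Michigan"})
CT = frozenset({"China", "Texas"})
TM = frozenset({"Texas", "Michigan"})

# Constructed costs: equal per tunnel, so the direct path (10) beats the
# two-hop path through Texas (20) whenever the direct adjacency is alive.
LINK_COST = {CM: 10, CT: 10, TM: 10}

def live_links(last_hello, now):
    """Keep only tunnels whose neighbor sent a hello within the dead interval."""
    return {link: cost for link, cost in LINK_COST.items()
            if now - last_hello.get(link, float("-inf")) < DEAD_INTERVAL}

def best_path(links, src, dst):
    """Dijkstra over the surviving adjacencies; returns (cost, path) or None."""
    queue, seen = [(0, [src])], set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for link, link_cost in links.items():
            if node in link:
                (peer,) = link - {node}
                if peer not in seen:
                    heapq.heappush(queue, (cost + link_cost, path + [peer]))
    return None  # destination unreachable over any live tunnel

def route_at(last_hello, now, src="China", dst="Michigan"):
    """Route chosen at time `now`, given the last hello seen on each tunnel."""
    return best_path(live_links(last_hello, now), src, dst)

if __name__ == "__main__":
    # Constructed timeline: China-Michigan hellos stop at t=100, others continue.
    print(route_at({CM: 100, CT: 115, TM: 115}, now=120))  # still direct
    print(route_at({CM: 100, CT: 170, TM: 170}, now=175))  # detour via Texas
    print(route_at({CM: 100, CT: 100, TM: 170}, now=175))  # China isolated
```

The point of running a routing protocol over the tunnels is visible in the second case: the direct tunnel is withdrawn because hellos stopped arriving, which also covers a tunnel that still looks established but no longer passes traffic.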