Route based VPN/Weighted Routes local/VPN Failover



  • Did some searching but came up dry. Hoping the community can help here.

    We use pfSense for our core at the datacenter and it works well. Our client sites all use SonicWALL. I consider myself very proficient at both platforms, but this is a new realm combining the two:

    The goal is to use a layer 2 1Gbps fiber connection between the datacenter and the client location (typical route, 10.1.9.0/24 at colo, 192.168.0.0/24 at client). In the event this fiber were to fail, the client also has a commodity carrier on premise, and we'd like to utilize that for a VPN (already have a standard site to site policy in place that works, but will likely need to be removed to accomplish this task).

    In the world of SonicWALL it's possible to create a VPN tunnel (not a site-to-site policy) and control routing between a physical link and a VPN tunnel by typical weighted routes. I do not know the equivalent of this in pfSense.

    Any ideas or links would be appreciated!



  • 24 hour bump. Anyone have any thoughts?



  • so you basically need failover? you could do that with tiered gateways & policy routing
    the wiki title is for a multi-wan setup, but the same might be of use in your situation: https://doc.pfsense.org/index.php/Multi-WAN#Failover
    you might have to watch out for asymmetric routing issues ( send by fiber, receive by vpn = not what you would want)

    the other option is to run a dynamic routing protocol (like ospf or bgp) to handle the re-routing when one link goes down
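
As an added illustration of the dynamic routing option above (this is not the original poster's or pfSense's own configuration), here is what the datacenter side might look like using the pfSense FRR package, configured in FRR's own syntax. It assumes the addressing from the question (10.1.9.0/24 at the colo, 192.168.0.0/24 at the client), an assumed fiber interface `igb1` carrying an assumed /30 transit `10.255.0.0/30`, and an assumed OpenVPN tunnel interface `ovpns1` with an assumed tunnel network `10.255.1.0/30`; the SonicWALL side would run OSPF with the same relative costs.

```text
! FRR OSPF configuration for the pfSense datacenter router (example, assumptions noted above)
router ospf
 ospf router-id 10.1.9.1
 ! advertise the colo LAN and both transit links into area 0
 network 10.1.9.0/24 area 0
 network 10.255.0.0/30 area 0
 network 10.255.1.0/30 area 0
 ! no OSPF neighbors on the LAN itself
 passive-interface igb0
!
! fiber: preferred path, low cost, aggressive timers so a fiber fault is noticed in ~3 s
interface igb1
 ip ospf cost 10
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
!
! VPN tunnel: backup path, higher cost so it is only used when the fiber route disappears
interface ovpns1
 ip ospf cost 100
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
```

Because both routers learn 192.168.0.0/24 and 10.1.9.0/24 through OSPF with the same costs on each side, traffic prefers the fiber in both directions and falls back to the tunnel in both directions together, which avoids the asymmetric send-by-fiber, receive-by-VPN situation mentioned above. The existing static site-to-site policy would still need to go, since a policy-based tunnel on the SonicWALL side would otherwise grab the traffic before routing is consulted.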