Netgate Discussion Forum
    "centerless" virtual network

    Routing and Multi WAN
    Lurker23

      This question spans across multiple sections of this forum, so moderators feel free to move it where you think it's more appropriate.

      Let's say I have three pfSense boxes (FW1, 2, 3), each in a different location, thus each on its own WAN, each posing as an OpenVPN server.
      For the sake of this example scenario, each OpenVPN server has two clients (C11, 12, 21, 22, 31, 32) connecting via WAN. In case any of the FWs goes down, its clients jump to another server.

      I'd like to achieve that all clients appear on the same subnet, can reach any other and keep their IP, regardless of what server they are currently connected to. They do not need to reach the FWs themselves except for establishing the VPN connection; the whole "magic" could be (and probably has to be) transparent for the clients. There are no LAN-VPN transitions: each client has its LAN or Internet GW as usual, but also access to this virtual network, existing only among these FWs.

      I could imagine this would require several OpenVPN servers for an FW-FW "mesh", where one FW is the server and the other FWs are its clients. There also need to be OpenVPN connection scripts (be it server side or client side) for the clients. There also has to be a way of advertising which client is on which server so the others know. Then, how to ensure that a client-client connection picks the right path (and that they appear to each other as on the same LAN). Of course, when a client is reconnecting from one server to another, it renders it offline from this virtual network.

      The question is not why, but how, by what means. Or is there simply no possible way of achieving this? If so, what is the closest doable scenario?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.