4. is it possible to implement redundant IPSec tunnels over 2 different WAN connections?

is it possible to implement redundant IPSec tunnels over 2 different WAN connections?

  • O

    I would put 2 WANs on PFSense, this would connect to an Azure VPNGW that is redundant (it has 2 different IPs).

    I guess I would create tunnels, such that the "primary" WAN connection has more specific network routes than the "secondary"?

    0
  • T

    Hi,

    If you wait for 2.4.4 you get routed vpn. With this and the far package you could do this.

    Also you can setup now gre tunnel with ipsec in transport mode. Then use for with ospf on both sides. Then you can but a cost for each tunnel and ospf will use the other tunnel ist the primary goes down.

    Hope that helped you.

    Hint last monthly hangout did a talk about the routed vpn and frr and ospf.

    0
  • R

    Hi

    I've done such a setup with two PFSenses. each has a seperate WAN Provider.
    The other site is a single HA Vmware NSX Edge Firewall.

    I made a scripts which checks the WAN Connection. If the internet fails, the script will switches to the backup PFSense and start there the VPN Tunnel.

    There is nothing much you can do else.
    I'm also waiting for VTI Tunnel Support on 2.4.4

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy