4. is it possible to implement redundant IPSec tunnels over 2 different WAN connections?

is it possible to implement redundant IPSec tunnels over 2 different WAN connections?

  • O

    I would put 2 WANs on PFSense, this would connect to an Azure VPNGW that is redundant (it has 2 different IPs).

    I guess I would create tunnels, such that the "primary" WAN connection has more specific network routes than the "secondary"?

    0
  • T

    Hi,

    If you wait for 2.4.4 you get routed vpn. With this and the far package you could do this.

    Also you can setup now gre tunnel with ipsec in transport mode. Then use for with ospf on both sides. Then you can but a cost for each tunnel and ospf will use the other tunnel ist the primary goes down.

    Hope that helped you.

    Hint last monthly hangout did a talk about the routed vpn and frr and ospf.

    0
  • R

    Hi

    I've done such a setup with two PFSenses. each has a seperate WAN Provider.
    The other site is a single HA Vmware NSX Edge Firewall.

    I made a scripts which checks the WAN Connection. If the internet fails, the script will switches to the backup PFSense and start there the VPN Tunnel.

    There is nothing much you can do else.
    I'm also waiting for VTI Tunnel Support on 2.4.4

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy