4. Connecting multiple branch offices back to HQ using cable and DSL

Connecting multiple branch offices back to HQ using cable and DSL

  • C

    I am researching a project that would involve connecting our branch offices to our HQ and DR using cable and dsl connections. Each branch would have a cable connection as the primary and a dsl as backup.

    I am interested in using pfSense as my router of choice.

    What would be my options on the VPN side?

    Would OpenVPN + OSPF be a good option, or would IPSec be better?

    I know TINC is technically an option, but it doesn't seem to have much adoption in the pfS community.

    This setup would be replacing an existing MPLS network. We currently have 5 branches, but may be expanding to 10 in the next 2 years.

    0
  • LAYER 8 Netgate

    Why would you need OSPF?

    Do the branches need to communicate directly with each other or just HQ?

    What kind of traffic levels are you looking at?

    0
  • C

    They really only need to communicate with HQ and DR.

    I was considering creating multiple tunnels from each WAN interface at a branch, back to the HQ and DR. I figured OSPF could be used to manage routes and give priority to the tunnels on the cable connections.

    0
  • LAYER 8 Netgate

    You could use OpenVPN.

    If this is not going to be implemented immediately you could also look at the routed VTI IPsec coming in 2.4.4. You should be able to leverage OSPF there too.

    1
    N
     1 Reply
  • N

    @derelict said in

    If this is not going to be implemented immediately you could also look at the routed VTI IPsec coming in 2.4.4. You should be able to leverage OSPF there too.

    Was going to post this, I had a play with the development release, routed VTI IPsec makes it really easy to do.

    0
  • C

    Our current traffic levels are fairly light, our 10mbit links are not a bottleneck.

    I just watched the Hangout on Routed VTI IPsec, it looks pretty interesting.

    Youtube Video

    But I'm not sure what advantage that would have over OpenVPN.

    I'm just trying to figure out the best design for reliability and automatic failover to the DSL links when the cable links fail.

    I figured having tunnels already up between the DSL links and HQ/DR would be better than relying on gateway groups to reconnect the tunnels.

    0
  • LAYER 8 Netgate

    IPsec is ... faster.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy