pfSense IPSec VPN to non-pfSense with dual peer
cwAestoHealth last edited by
We have VPNs to 2 separate vendors that are not using pfSense, but they have two IPs that they want us to add for their VPN in our pfSense for failover.
I can't find any way to accomplish this in our pfSense. Is it even possible?
We are using pfSense version 2.4.4.
Not easily. You can make a VPN to a hostname, and if the remote peer can update the hostname when a failover happens, that can trigger a failover.
There isn't a way to use both peers at once at the moment though, not with tunneled IPsec.
With routed IPsec (VTI) you could nail up a tunnel to both peer addresses and use a routing protocol like OSPF or BGP to decide when to fail over.
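A sketch of the routed (VTI) approach described in the reply above, written as an FRR-style BGP configuration. It is an added example, not part of the original thread and not taken from pfSense itself. All AS numbers, addresses, and route-map names are constructed placeholders, and it assumes the remote vendor can run VTI and BGP on both of its peers.

```conf
! Constructed example: two VTI tunnels, one to each vendor peer address.
! Assumed VTI transit addressing (placeholders):
!   tunnel to peer A: local 10.6.106.1, remote 10.6.106.2
!   tunnel to peer B: local 10.6.107.1, remote 10.6.107.2
! Assumed local network advertised to the vendor: 192.0.2.0/24
!
router bgp 64512
 bgp router-id 10.6.106.1
 ! Short keepalive/hold timers so a dead tunnel is noticed in seconds
 timers bgp 3 9
 neighbor 10.6.106.2 remote-as 64513
 neighbor 10.6.106.2 description vendor-peer-A-over-VTI
 neighbor 10.6.107.2 remote-as 64513
 neighbor 10.6.107.2 description vendor-peer-B-over-VTI
 !
 address-family ipv4 unicast
  network 192.0.2.0/24
  ! Inbound policy decides which tunnel carries our outbound traffic
  neighbor 10.6.106.2 route-map PREFER-A-IN in
  neighbor 10.6.107.2 route-map BACKUP-B-IN in
  ! Outbound policy steers the vendor's return traffic to the same tunnel
  neighbor 10.6.106.2 route-map ANNOUNCE-A-OUT out
  neighbor 10.6.107.2 route-map ANNOUNCE-B-OUT out
 exit-address-family
!
! Routes learned through peer A win while that session is up
route-map PREFER-A-IN permit 10
 set local-preference 200
!
! Routes learned through peer B are used only when A's routes are withdrawn
route-map BACKUP-B-IN permit 10
 set local-preference 100
!
route-map ANNOUNCE-A-OUT permit 10
!
! A longer AS path makes the vendor prefer the announcement received via A
route-map ANNOUNCE-B-OUT permit 10
 set as-path prepend 64512 64512
```

Both IPsec tunnels stay established the whole time. When the session to peer A drops, its routes are withdrawn and the lower-preference routes through peer B take over without any change to the IPsec configuration.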