pfSense IPSec VPN to non-pfSense with dual peer

  • We have VPNs to 2 separate vendors that are not using pfSense, but they have two IPs that they want us to add for their VPN in our pfSense for failover.
    I can't find any way to accomplish this in our pfSense. Is it even possible?

    We are using pfSense version 2.4.4

  • Rebel Alliance Developer Netgate

    Not easily. You can make a VPN to a hostname, and if the remote peer can update the hostname when a failover happens, that can trigger a failover.

    There isn't a way to use both peers at once at the moment though, not with tunneled IPsec.

    With routed IPsec (VTI) you could nail up a tunnel to both peer addresses and use a routing protocol like OSPF or BGP to decide when to fail over.
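
The routed (VTI) layout from the reply above, sketched as an FRR OSPF configuration; this is an added example, not part of the original thread and not Netgate's own configuration. Assumptions: the two tunnels appear as `ipsec1000` and `ipsec2000`, the transit and LAN subnets, router ID, costs and timers are constructed values, and the vendor side can also run VTI and OSPF.

```text
! Constructed example: every name, address, cost and timer here is an assumption.
!
! Tunnel to the vendor's first peer address: low cost, so it is preferred.
interface ipsec1000
 description VTI to vendor peer A (primary)
 ip ospf network point-to-point
 ip ospf cost 10
 ip ospf hello-interval 5
 ip ospf dead-interval 20
!
! Tunnel to the vendor's second peer address: higher cost, used only
! when the adjacency over ipsec1000 is lost.
interface ipsec2000
 description VTI to vendor peer B (backup)
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf hello-interval 5
 ip ospf dead-interval 20
!
router ospf
 ospf router-id 10.255.0.1
 ! Speak OSPF only inside the two tunnels, never on the LAN,
 ! so a LAN host cannot form an adjacency and inject routes.
 passive-interface default
 no passive-interface ipsec1000
 no passive-interface ipsec2000
 ! Transit /30 on each VTI (constructed addresses)
 network 10.6.106.0/30 area 0.0.0.0
 network 10.6.107.0/30 area 0.0.0.0
 ! Local LAN advertised to the vendor (constructed address)
 network 192.168.10.0/24 area 0.0.0.0
!
```

Both tunnels stay up at the same time; when the dead interval expires on the primary adjacency, routes learned over it are withdrawn and traffic moves to the higher-cost tunnel.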

