Add 2nd pfsense 2.4.4p1 server to same domain joined lan



  • Hello
    I apologize if this has been discussed before, but I've spent days searching for answers with no real solution. I have a rather large number of servers and workstations (Windows Servers, Ubuntu, Debian, and XCP-Ng) currently working and fully accessible behind a pfSense 2.4.4p1 server, and it works great. I have 16 static public IPs, with the 1st pfSense server assigned to 1 of the public IPs with the gateway set to xxx.xxx.xxx.1. It's working fine. I have Windows VPN installed on a Windows Server 2016 server and Windows Server 2016 VPN and Remote Desktop Services on 2 other 2016 servers. Again, that all works fine.

    What I'm attempting to do is add a 2nd pfSense 2.4.4p1 server to the LAN, as I want to use the pfSense VPN implementation versus my current setup. The end result I'm looking for is to have a 3rd pfSense server at home, connected to my office using a site-to-site VPN connection.

    I have the 2nd pfSense server set up and assigned a second public IP from my assigned block, and have its WAN gateway set to the same IP as the first pfSense server, which continues to function normally. The issue is that the 2nd pfSense server is showing that the gateway is down and has 100% packet loss. Again, all servers and workstations are joined to the same Windows domain, with the domain controller also running DHCP and DNS.

    Is it possible to do what I'm attempting? If so, any pointers to where to look or what I'm missing? I love pfSense and until now thought I had a pretty good handle on it. I'm sure it's just a simple oversight on my part.

    Thanks for any assistance


  • LAYER 8 Global Moderator

    Why would you put this 2nd pfSense on your LAN?

    Why can the VPN not just run on your 1st pfSense? If you want to have HA, then set up CARP.



  • Thanks for the reply. Mainly to separate the traffic on the first pfSense. That one currently runs at about 35% to 55% CPU. Eventually that server will be upgraded. The thought is the 2nd pfSense at that location will be used exclusively for the VPN access. If the VPN access begins to affect the traffic through the main pfSense server, I'll just cut the site2site access out of the picture. I have limited bandwidth available (400/25), so the site2site is a nice-to-have to eliminate running to the building when something goes bonkers there. I may try enabling the site2site on the 1st server and see what happens. Is it possible to run site2site and road-warrior on the same pfSense server? Needless to say, because I had been relying on RDS for the past few years, I'm a noob on the VPN side of things.

