Package idea: Autoconfig of site-to-site VPN using other end's backup configs as source?



  • Hi,

    Back story:
    Played around with Cisco Meraki in a project I was involved with. Setting up IPsec site-to-site was so simple. They've got a central cloud management system for their stuff. And through that everything was relayed to the other "hub" (as they call it).
    WAN IP, PSK, Routes, LAN, everything just configured itself on the second site. Very nice!
    I also moved the primary site to a new WAN IP and before I knew it the second site was connected, as it had received the new WAN IP address from the cloud. Impressive, I think.

    Idea:
    So I thought, pfSense doesn't have a central cloud in the same way but we have centrally backed configs!

    Would it be possible with minimal config at a second site to pick up everything else from the primary site's config backups (given that you got the backup-key) and through that configure everything else needed for site-to-site as the Meraki did (PSK, maybe even Cert, LAN, WAN ... you catch my drift)?
    My thought is that this could be applicable on both IPsec and OpenVPN site-to-site configs.

    I got no experience in building packages. Or have no idea if this is even feasible to configure these components through a package.

    Enlighten me! Should I bury this idea and go back to munching glue and configuring site-to-site the old and gritty way?

    Brgs,

    Edit:
    Or should this be submitted as an idea for a built-in function in pfSense?

