IPSEC over CARP addresses using Gateway Group as Interface
-
Dear Community,
I've been trying to set up the following environment:
4 pfSense systems in two sites with:
pfS1D1 + pfS1D2: Dual WAN, CARP
pfS2D1 + pfS2D2: Single WAN, CARP (in the next months I will be having dual WAN)
I've seen that you can configure Gateway Groups with Failover (Primary + Backup) in order to have HA at ISP level, and I also know how to configure HA over CARP; I have my master and backup nodes properly set up.
What I've been trying to configure is IPSEC as a first-time Dual WAN service, and I don't know if I can use CARP addresses.
Has somebody done this before?
Using CARP addresses for Gateway Groups (Failover) over IPSEC?
I need to propagate the same Local Networks over Primary and Secondary WAN IP Service.
Any ideas or suggestions are greatly appreciated.
Warm Regards -
Edit,
I just found that in Gateway Groups you can select the CARP Addresses per Gateway.
-
@DiegoEspinozaP said in IPSEC over CARP addresses using Gateway Group as Interface:
Edit,
I just found that in Gateway Groups you can select the CARP Addresses per Gateway.
I have a similar setup at a customer.
I created two gateway groups.
One using the interface address, to use in my firewall rules.
And the other, using the VIP addresses, to use in IPsec.
Found it to be more reliable during failover, and IPsec works on both nodes.
-
@mcury
Thanks a lot, I am working with Gateway Groups and VIP addresses to check that everything is working as intended.
Warm Regards