    In my ongoing project to switch over our medical facility to pfSense redundant firewalls, I am running into another snag that I need a little clarification on. I am running in a Multi-WAN + CARP Failover environment. I also will have multiple IPsec connections coming into the firewalls. My two questions are these.

    1. Will my load balancer for the Multi-WAN auto-failover for the IPsec connections? Also, are there any suggestions as to what I can do to avoid having to enter the secondary WAN's shared CARP IP on the other end of my site-to-site VPN when my primary WAN goes offline?
    2. I have multiple web servers on my LAN. How can I go about allowing outside users to access these? In the past we just put them on their own static IP addresses. But if I were to do that now, wouldn't that defeat the purpose of the CARP failover, since it would no longer function?

    1. No, IPsec doesn't load balance/fail over with Multi-WAN. You'd have to have a tunnel nailed up on each WAN in transport mode, and then have some other method (GRE+OSPF or similar) to route the traffic over the proper WAN. It isn't quite as simple as just sending the IPsec traffic over the other WAN…

    2. Just use additional CARP type VIPs on each WAN, then you can do port forwards to the internal addresses from these CARP VIPs.
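The second answer, modelled as an added example that is not part of this thread and not pfSense's own code: a small Python plan checker for "one CARP VIP per WAN, port forwards anchored on the VIPs". It renders the FreeBSD ifconfig(8) CARP form and the pf `rdr` lines that such a setup boils down to, and flags the mistake from the question (exposing a server on a node's own address instead of a CARP VIP), a reused VHID, or identical advskew values. The two WAN subnets, the 10.10.0.0/24 servers, node names and VHIDs are constructed sample values; the CARP password is a placeholder.

```python
"""Added example (not from the thread): check a Multi-WAN + CARP plan and
render the underlying FreeBSD/pf primitives for CARP VIPs and port forwards.
All addresses, VHIDs and host names are constructed sample values."""
import ipaddress

# Constructed lab plan: two pfSense nodes, two WANs, two internal web servers.
# One CARP-type VIP per WAN; a port forward is bound to the VIP, so whichever
# node currently holds CARP master answers for it.
WANS = {
    "wan1": {"if": "em0", "subnet": "203.0.113.0/29", "vip": "203.0.113.3", "vhid": 1},
    "wan2": {"if": "em1", "subnet": "198.51.100.0/29", "vip": "198.51.100.3", "vhid": 2},
}
# advskew: lower value wins the election, so the primary gets 0 and the backup
# a higher value (pfSense's config sync adds 100 on the secondary by default).
NODES = {
    "fw1": {"advskew": 0,   "wan1": "203.0.113.1", "wan2": "198.51.100.1"},
    "fw2": {"advskew": 100, "wan1": "203.0.113.2", "wan2": "198.51.100.2"},
}
# Port forwards: (public address, public port, internal host, internal port, proto)
FORWARDS = [
    ("203.0.113.3", 443, "10.10.0.21", 443, "tcp"),
    ("198.51.100.3", 443, "10.10.0.21", 443, "tcp"),
    ("203.0.113.3", 8080, "10.10.0.22", 80, "tcp"),
]


def validate(wans=WANS, nodes=NODES, forwards=FORWARDS):
    """Return a list of problems; an empty list means the plan survives a node failure."""
    problems = []
    seen_vhid = {}
    node_addrs = {}  # physical address -> "node/wan"
    for name, w in wans.items():
        net = ipaddress.ip_network(w["subnet"])
        vip = ipaddress.ip_address(w["vip"])
        if vip not in net:
            problems.append(f"{name}: VIP {vip} is outside {net}")
        # A VHID identifies one CARP group on a segment; reusing it makes two
        # VIPs compete in the same election.
        if w["vhid"] in seen_vhid:
            problems.append(f"{name}: VHID {w['vhid']} already used on {seen_vhid[w['vhid']]}")
        seen_vhid[w["vhid"]] = name
        for nname, n in nodes.items():
            addr = ipaddress.ip_address(n[name])
            if addr not in net:
                problems.append(f"{nname}/{name}: address {addr} is outside {net}")
            if addr == vip:
                problems.append(f"{nname}/{name}: node address equals the VIP {vip}")
            node_addrs[str(addr)] = f"{nname}/{name}"
    skews = [n["advskew"] for n in nodes.values()]
    if len(set(skews)) != len(skews):
        problems.append("advskew values must differ so exactly one node wins the election")
    vips = {w["vip"] for w in wans.values()}
    for pub, pport, host, lport, proto in forwards:
        # This is the failure mode from the question: a forward (or a server)
        # sitting on a node's own address stops answering when that node dies.
        if pub in node_addrs:
            problems.append(f"forward {pub}:{pport}: public address belongs to "
                            f"{node_addrs[pub]}, not a CARP VIP; it dies with that node")
        elif pub not in vips:
            problems.append(f"forward {pub}:{pport}: public address is not a configured VIP")
    return problems


def carp_ifconfig(node, wans=WANS, nodes=NODES):
    """FreeBSD ifconfig(8) form of this node's CARP VIPs (the primitive behind
    the pfSense 'CARP' VIP type); the password is a placeholder."""
    skew = nodes[node]["advskew"]
    return [
        f"ifconfig {w['if']} vhid {w['vhid']} advskew {skew} pass <carp-password> "
        f"alias {w['vip']}/{ipaddress.ip_network(w['subnet']).prefixlen}"
        for w in wans.values()
    ]


def rdr_rules(wans=WANS, forwards=FORWARDS):
    """pf 'rdr' lines equivalent to port forwards from each CARP VIP."""
    vip_to_if = {w["vip"]: w["if"] for w in wans.values()}
    return [
        f"rdr pass on {vip_to_if[pub]} proto {proto} from any to {pub} port {pport} "
        f"-> {host} port {lport}"
        for pub, pport, host, lport, proto in forwards
    ]


if __name__ == "__main__":
    for problem in validate() or ["plan OK: every forward is on a CARP VIP"]:
        print(problem)
    for node in NODES:
        print(f"# {node}")
        print("\n".join(carp_ifconfig(node)))
    print("\n".join(rdr_rules()))
```

Run it as-is to see the rendered rules for the sample plan; swap a forward's public address for `203.0.113.1` (fw1's own WAN address) to see the checker reject exactly the static-IP arrangement the question worried about.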

