Multi Wan + failover + VPN PPTP

  • Hello everyone ;)

    I am trying to build this with pfSense:

    |-------VPN PPTP-------|
    Local Network ===== Pfsense Wan 1 ======= Internet ====== Remote Server
                                            Wan 2 ======= Internet ======
    Wan 1 and Wan 2 are failover

    I do not see how to do it. Should I use a GRE or PPTP tunnel on the interface?
    If someone could give me advice or a link to a tutorial...

    Thanks in advance

    Sorry for my bad English  :)

  • @DarKcapricoRn
    What services are you having difficulty with? You mention VPN pptp as well as wan1/wan2 failover, but I'm not sure what you are trying to accomplish.
    Does your remote server on Wan 1 require a "VPN PPTP" connection to be set up in order to connect?
    It may be helpful to specify what you mean by failover and how you intend to use your wan connections. I think it's fairly common to use two wan connections to provide redundancy and allow local network users to access the internet without issues if one of the wan connections is down. If you are planning to allow pptp VPN access to the local lan via pfsense, it may still be a limitation that only your primary WAN can allow inbound pptp connections. If you are attempting to allow VPN access via both of your wan connections, you may need to run your pptp server on another machine other than pfsense (I've never done this) or just use another VPN option like OpenVPN which is multi WAN friendly.


    Thanks for the quick reply.
    I am trying to set up a PPTP VPN between pfSense and a remote proxy server.
    These flows should be encapsulated in a compressed and encrypted tunnel to allow users to reach the remote proxy.
    My tutor wants to use PPTP because it is simple. WAN1 and WAN2 use two different ISPs to protect against failure.
    In pfSense, except for the GRE tunnel, I saw no other option to accomplish my project…
    I have attached a schema to this message to make it clearer.
    Brice ;)

  • @DarKcapricoRn
    Nice illustration. PPTP may be simple, but according to the docs for pfSense 1.2.3, there are a few limitations specific to the implementation of pptp on pfsense that may limit your ability to have more than one concurrent connection to the same pptp server. I've never tried this though, and even if this is a limitation, there is likely a workaround.

    But, you may be able to use another method of tunneling traffic. I've used ssh to create tunnels from one location to another. Ssh even supports dynamic SOCKS proxies. If you only want to try to load balance traffic, perhaps you could create two ssh tunnels with socks (look for the -D option) on different ports/ip addresses on your local network which will be connected to the host outside your network. You could configure each ssh client instance to take different routes to the outside host such that each instance would use each of your WAN ISP connections. Then you could loadbalance using the server option. Note: I've never actually used server loadbalancing with pfSense, only gateway loadbalancing.

    If there really is a limitation for pptp vpns running on pfSense and you and your tutor want to use pptp, perhaps you could use separate pfsense boxes to maintain the desired vpn connections separately, then use a third instance of pfSense to handle the loadbalancing. I have used pfSense virtualized and it seems to work fine. But I don't deal with heavy traffic.
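
The two-tunnel SSH setup suggested in the last reply, sketched as an OpenSSH client configuration. This is an added example, not part of the original thread: the host name, user, key path, addresses and ports are placeholders, and it assumes the client machine has one LAN address per tunnel and that pfSense policy-routes each source address out a different WAN gateway.

```sshconfig
# ~/.ssh/config on the LAN machine that runs both tunnels (all values are placeholders)

# Settings shared by both tunnels
Host proxy-wan1 proxy-wan2
    HostName proxy.example.net          # remote server (placeholder)
    User tunnel                         # unprivileged account on the remote side (assumed)
    IdentityFile ~/.ssh/tunnel_ed25519  # key-based login, no interactive password
    IdentitiesOnly yes
    Compression yes                     # the thread asks for a compressed, encrypted tunnel
    ExitOnForwardFailure yes            # do not stay up if the SOCKS listener cannot bind
    ServerAliveInterval 15              # detect a dead WAN path in about 45 seconds
    ServerAliveCountMax 3

# Tunnel 1: source address that pfSense routes via WAN1 (assumed rule)
Host proxy-wan1
    BindAddress 192.168.1.11            # outgoing source address of this ssh connection
    DynamicForward 192.168.1.11:1080    # SOCKS listener reachable from the LAN

# Tunnel 2: source address that pfSense routes via WAN2 (assumed rule)
Host proxy-wan2
    BindAddress 192.168.1.12
    DynamicForward 192.168.1.12:1081
```

Each tunnel is started with `ssh -N proxy-wan1` or `ssh -N proxy-wan2`; when a WAN path fails, the keepalives time out, ssh exits and its SOCKS port closes. The SOCKS listeners accept any client that can reach them, so firewall rules on the LAN side should limit which hosts may connect to ports 1080 and 1081.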


