Netgate Discussion Forum

    PfSense 2.0 site-to-site Dual Wan failover guide?

      sollostech

      We are testing pfSense 2.0 and love it so far. OpenVPN from Viscosity is great! Once we are confident of upgrading our existing 1.2.3 routers that have dual WAN I want to move from IPSec tunnels to automatic failover OpenVPN tunnels between the locations. Does anyone have a guide for this procedure? I just bought the new Packt book, but they don't cover that.

      Thanks!

        jimp Rebel Alliance Developer Netgate

        We don't really have a guide for that (yet!), there are a couple different ways you can do it though:

        1. Run permanent tunnels over both WANs without routes/IPs and run OSPF to do routing which can handle the failover
        2. Use floating rules/outbound NAT rules to direct your outgoing OpenVPN client connections into a failover gateway group. This, combined with an extra remote line in the client to make it try a second server IP may do the trick. (On the server side, you may want to bind OpenVPN to LAN and use port forwards from each WAN to direct the incoming connections so they are allowed over each WAN as needed…)

        Sorry for the lack of detail, but it's a pretty complicated thing to spell out.

        I just received a copy of that Packt book, I need to look it over. We (pfSense developers, staff, etc) didn't write that so I'm not sure what its quality will be like, and honestly since we have our own book there are some ethical issues about reviewing it since there is a conflict of interest.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

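An added illustration of the "extra remote line" idea in option 2 of the post above, not a configuration from this thread or from the pfSense project. The addresses are documentation-range placeholders, and the port, timer values and the use of SSL/TLS mode are assumptions.

```conf
# OpenVPN client side (remote office). Constructed example:
# every address, port and timer value here is a placeholder.
dev tun
proto udp
nobind

# Two remote lines, tried in the order listed.
# First: head office WAN1. Second: head office WAN2.
remote 198.51.100.10 1194
remote 203.0.113.10 1194

# Stop waiting for an unresponsive remote after 10 s and try the next one.
server-poll-timeout 10
# Pause 5 s between connection attempts.
connect-retry 5
# Keep retrying name resolution indefinitely if hostnames are used instead.
resolv-retry infinite

# Ping every 10 s; restart the tunnel after 60 s of silence.
# The restart walks the remote list again, which is what moves
# the client over to the second server address.
keepalive 10 60
persist-key

# Assumes SSL/TLS mode: require a server-type certificate from
# whichever remote answers, so the second address is verified
# exactly like the first.
remote-cert-tls server

# Server side, as the post suggests: bind the daemon to the LAN
# address and port-forward UDP 1194 from each WAN to it.
# (192.0.2.1 is a placeholder LAN address.)
# local 192.0.2.1
# port 1194
```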
          sollostech

          Any way we can pay for the creation of such a report? I like the idea of the new site that had tutorials for subscribers. Or would it be better for me to just pay for you to configure an example setup for me on one of my networks that I can replicate?

          Thanks

            jimp Rebel Alliance Developer Netgate

            I have a rough draft of the OSPF method that I've sent to some of our commercial support subscribers before, but it's still a little rough around the edges.

            The other method hasn't had any documentation at all yet, I'm not sure anyone has ever done that exactly as I described.

            You could put up a bounty for the documentation if you want to speed it up. It will happen eventually, whether it ends up on the Doc Wiki or in our 2.0 book (when that gets going), but funding always speeds up the process.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.