Netgate Discussion Forum

    Weird Load Balancing and VPN question Multi-WAN and configuration

    • jschimanski

      Wasn't sure this was the right place; I'm sure the mods will move it if it isn't.

      I have a kinda weird setup that I am looking to do.

      My company uses pfSense with OpenVPN and it is great; however, we are looking for a backup solution that might be possible with pfSense and would make me very happy if it can.

      Our primary WAN at a remote location is done through MPLS lines back to our core IT network. Recently it has been a problem when the MPLS fails: I can't get to my gear on the other side because their core network is down (mine is not). I don't need VPN tunneling to work on this WAN because of the MPLS and the complications that it would cause me with gateways and such.

      What I am looking to accomplish is that when the primary WAN link goes down (the MPLS system), pfSense will build a VPN tunnel using OpenVPN out WAN2, which would be connected to a cellular-capable router for backup purposes, to bring the network back to my core system, and then once the WAN is restored, drop the VPN and the cellular connection and drive to the primary WAN.

      Is this possible?

      I have attached a photo to show what I am trying to accomplish.

      • jschimanski

        Here is the pic of what I am attempting to do.

        ![network attempt #1.PNG](/public/imported_attachments/1/network attempt #1.PNG)

        • cmb

          That's doable where you can deploy a routing protocol (probably OSPF, may have to use BGP as routes may need to be exchanged with the MPLS provider), but will get pretty complex because I know your core network is a whole lot more complex than one switch there, at least 3 routing devices involved (jschimanski is a support customer, I'm moderately familiar with their network), plus the MPLS provider's network. I'll follow up with you in private on options, will need to get some more specifics on all the core routing devices to determine exactly where and how the routing protocol would need to be set up.

          • jimp Rebel Alliance Developer Netgate

            Another possible way would be (on 2.0, recent snapshots only) to send the outgoing OpenVPN traffic for that instance into a failover pool, so it would re-route over the other WAN if needed.

            If the remote system has a different IP for each direction, you can also add another "remote x.x.x.x" entry into the custom options to direct it there if the primary link on the server end should fail.
