Dual WAN and IPSec: Simply switch interface on alarm

Routing and Multi WAN
Log in to reply
  • T

    I found many topic replies clearly stating that WAN-failover and IPSec cannot be combined due technical reasons. Yet, I do not see why pfSense is not able to do something I now do by hand. When WAN1 fails, I switch my VPN endpoint from WAN1 to WAN2. When I see that WAN1 is working again, I switch it back. If I can do this, why not pfSense?

    0
  • jimp
    Rebel Alliance Developer Netgate

    It's not quite that simple unfortunately. Many people in the field don't have the ability to just change the endpoint IP without adjusting the other side of the tunnel.

    It might be possible to do this, but it's not as easy as it seems, and would definitely have to be optional. Might be an interesting project for someone looking to get into development to try.

    0
  • T

    I do have this option because the endpoint is a ZyWALL USG, which has support for dynamic clients. The solution could however be reformulated to having two tunnels with different priorities. In case the tunnel with the higher priority goes down, the one with the lower priority is activated. In my case their endpoints would be the same, but for others this does not have to be so. Subnet overlaps do not matter anymore when the tunnels are never both active at the same time.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy