Help on setting up IPsec VPN with Failover on two WANs
-
Hi! I need some help… I'm trying to set up pfSense to work with IPsec VPNs and failover... let's say if one WAN goes down, then the VPN might get UP by the other WAN (I currently have this working on a Cisco RV082), but I'm having trouble setting up pfSense to do this. Can anybody please help me??
Actually, I'm not quite sure this is possible on pfSense. I'm very enthusiastic about deploying my pfSense, but just this IPsec VPN failover issue is stopping me.
My current status is... I currently have load balancing (WAN), and I have my IPsec VPN working fine... but let's say if WAN goes out... my point is... how to make this VPN fail over?
Thanks in advance for any answer
-
Hi,
this isn't possible with IPsec on pfSense. You can't create 2 tunnels with the same remote subnets on different WAN interfaces.
In relation to jimp's statement, this can only be done with OpenVPN and the OpenBGP protocol.
cya
-
Hi, thanks for your reply
I know you can't create 2 tunnels with the same remote subnets. What I'm trying to do is to have ONE IPsec tunnel which might be capable of getting UP by WAN1 or WAN2.
The remote gateway router is capable of establishing the VPN by any of the two WANs. Actually I have this running on a Cisco RV082; the function is named TUNNEL BACKUP, and if you set up the tunnel to get UP via WAN1, you can establish a BACKUP configuration, and after Dead Peer Detection (DPD) detects failure, the tunnel tries to get online via WAN2 to the specified peer address (can be the same one or another one by which WAN1 got established).
What surprises me is a post by Scott Ullrich, http://blog.pfsense.org/?p=35, which says this IS possible!
Even a screenshot is in there… But I can't replicate that screen; even if I type the same URL, after clicking accept I only get an error that causes Racoon to stop.
Can anybody help me?
-
That is for failover between nodes of a CARP cluster, not from WAN1 to WAN2.