Multi LAN and WAN redundancy over VPN and direct link

  • Hello! To be sincere, I met pfSense only a short time ago, and found it great! Anyway, I have come up with an idea that I'm not really sure is doable (or maybe there is a better way to accomplish the same thing).

    I have two sites (in 2 different buildings, 2 blocks away from each other). Currently they are linked by a physical cable between the buildings, and both are on the same LAN. All internet traffic is sent through the internet link at one of the buildings (let's say site A), which is running a pfSense box (just installed; had IPCop before).

    We have just got another internet connection (cable modem through a Cisco 1805) at site B. Now, this is what I would like to accomplish:

    • When both internet connections are up, each site's PCs should route internet traffic through their own internet link and LAN traffic through our own cable (seems easy).
    • If either internet link goes down, all internet traffic from both sites should be routed through the remaining active link at the other site (via the cable between the buildings). This can be done with proper failover settings, right?
    • If eventually our cable goes down, I would like LAN traffic to be directed through an internet VPN between the sites (I am a little lost on this one…).

    If all this mess is possible, do I need a second pfSense box at site B (where I have the Cisco router)? I know the Cisco should be able to VPN to the pfSense box, and most likely handle the failover as well.
    EDIT: I attach a little cheapy diagram of what I am trying to do
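As an added illustration, not from this thread, of the failover policy the three bullets describe, here is a small Python model that, given which links are up, says where each site sends its internet traffic and which path joins the two sites; the link names, the "one VPN over the internet" assumption, and the helper names are mine. It also makes visible the case the post does not spell out: once the cable is down, the VPN can only carry LAN traffic while both internet links are up, so a cable failure plus one WAN failure isolates the sites.

```python
from dataclasses import dataclass
from itertools import product
from typing import List, Optional

# Constructed model of the two-site setup in the post: site A and site B
# each have their own internet link (WAN), joined by a direct cable, with a
# site-to-site VPN over the internet as the backup inter-site path.


@dataclass(frozen=True)
class LinkState:
    wan_a: bool   # site A's internet link is up
    wan_b: bool   # site B's internet link is up
    cable: bool   # direct building-to-building cable is up


@dataclass(frozen=True)
class Plan:
    internet_a: Optional[str]   # "own", "remote" (via cable) or None
    internet_b: Optional[str]
    inter_site: Optional[str]   # "cable", "vpn" or None (sites isolated)


def inter_site_path(s: LinkState) -> Optional[str]:
    """Prefer the cable; fall back to the VPN, which needs both WANs up."""
    if s.cable:
        return "cable"
    if s.wan_a and s.wan_b:
        return "vpn"
    return None


def internet_gateway(own_wan_up: bool, other_wan_up: bool,
                     link: Optional[str]) -> Optional[str]:
    """Use the local WAN; otherwise borrow the remote WAN over the cable.
    The VPN cannot help here: it runs over the very WAN that just failed."""
    if own_wan_up:
        return "own"
    if other_wan_up and link == "cable":
        return "remote"
    return None


def plan(s: LinkState) -> Plan:
    link = inter_site_path(s)
    return Plan(internet_gateway(s.wan_a, s.wan_b, link),
                internet_gateway(s.wan_b, s.wan_a, link), link)


def isolating_states() -> List[LinkState]:
    """Every combination of link failures that leaves the sites cut off."""
    return [s for s in (LinkState(*bits) for bits in product((True, False), repeat=3))
            if plan(s).inter_site is None]
```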

  • Sounds like it is doable with two pfSense boxes, with failover setups.