Site to Site Tunnel with MultiWan access on both sides



  • Hello,
    I need to create an IPsec tunnel across two or more sites, all having multiwan capabilities with load balancing and failover.
    Currently I have correctly configured the dualwan access with load balancing and failover policies;
    now I need to set up the VPNs… but I don't know how to set them up with the following logic:

    1 single tunnel that tries to connect to a pool of remote addresses and accepts connections from a pool of addresses.

    This is because I know that we can have a unique remote subnet and two tunnels cannot share the same remote subnet, and I cannot (or at least I don't know if it's possible) make some logic to activate one VPN if another is failing.

    Is this setup possible? Where can I find some documentation about this?

    Thanks in advance.
    Bye!


  • Rebel Alliance Developer Netgate

    That isn't possible (yet)
    http://redmine.pfsense.org/issues/1965



  • Hello jimp, thanks for your answer… not so thankful for THE answer you gave ;D

    Thinking about how I can avoid this problem, I think I have found the solution; let me explain.

    A site-to-site tunnel can be used by indicating the IP to connect to or from which to receive connections, but I can also write a DNS entry...
    So, if I use a dynamic DNS for every site, when one of the WANs is failing, the DynDNS is updated by the change of connection...
    In this way, when the site tries to connect to the main site it uses an updated DynDNS with the working WAN, and the main site receives a connection from a dynamic DNS...

    I don't know if I was able to explain my idea correctly, but I think it can work in this way, using DynDNS!
    But unfortunately I cannot try this very easily in a VMware environment...

    Thank you and bye!


  • Rebel Alliance Developer Netgate

    If you can get the dyndns IP to follow the "active" wan then yes that would work.

