IPsec Failover for Private LAN



  • Looking at creating a IPsec Tunnel through the internet as a fail over for a private Extended LAN.  Each side has its own subnet.  Can this be easily done in 1 PFSense box at each end or would it be easier to have 2 boxes at each end with 1 doing just the IPsec tunnel, and the other doing the routing?



  • Keep it all on one box. IPsec will have to be manually enabled to fail over (if tunnel mode). For automatic, must use transport mode +GRE/gif or OpenVPN, and a routing protocol.



  • Thanks for the information.  Going to see if i can get it setup this week.



  • I was able to get it setup as a manual fail over and it works awesome.  Pulled 8MB/Second(what windows sees) through the VPN tunnel through the internet, private extended Lan only hit 1MB/Second.


Locked