Some questions about pfSense



  • Hello community,

    First of all, let me greet you for this great product called pfSense. In our company, we have something like 5 to 6 boxes running it without any major problems.

    However I have some questions that I would like to throw here, if you can help me:

    1 - We are using Site to Site IPsec VPNs between (mainly) Cisco ASA 5505 and pfSense. Is there any way for us to have "redundant tunnels"? I mean, if one tunnel goes down for any reason (besides the WAN link really going down), the other tunnel raises up?

    2 - Another question is that if we can get 2 WANs configured for web access. This way, if I lose web access to a certain pfSense on WAN1, I could always try WAN2, regardless of their configurations.

    I can show you my configurations if it helps.
    Please point me in the right direction or documentation if this is all possible. And sorry if I'm not asking this the right way.

    Best regards,

    Bruno Martins



  • No one? :-)

    Best regards,


  • Netgate Administrator

    1. It's not something I've ever tried. I can't really see what advantage it would be. If the WAN is up and you have connectivity to the other end then why switch to a different tunnel? If your first tunnel goes down, for whatever reason, then why switch to a second tunnel rather than bring the first tunnel back up? If you have both tunnels up simultaneously then you could run some failover/redundancy between them. However it's likely both tunnels will be using the same route such that if one goes down both will. You may get a better answer to this in the vpn subforum. ;)

    2. Not sure quite what you're asking here. Do you mean remotely access the webgui on a pfSense box?
    If so you can do that already. The server that provides the webgui listens on all interfaces; you just need to add firewall rules to allow it. It isn't recommended, though, to have the webgui accessible from the internet.

    Steve

