Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can I do this with pfsense and IPsec ?

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 879 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      saxmad
      last edited by

      Hi,

      I have a working IPsec VPN connection from my test network in my office to a supplier. My end is just a single pfsense box allowing access to a single host on my network.

      I now have to migrate this to our production network in our data centre.  My setup there is a bit different.  I have two pfsense firewalls, one master and one failover, kept in sync with VIP/CARP.  I also have two webservers that will need to be accessed by the supplier on one of my LAN segments.  These servers run multiple different web sites, and are load balanced over a number of incoming public IP addresses and port numbers (80 and 443).  This all works great.

      What I would like to know is if it is possible to set up an IPsec VPN with the supplier, just like on my working test system, but have the VPN fail over using VIP/CARP and also have access to my web servers over the VPN via load balancing.

      I'm kind of OK with using a free public IP address as a VIP/CARP address to make sure the VPN will start back up in the event of a failure of the main firewall, but I can't get my head round how to do the load balancing bit properly.

      Any suggestions, pointers to a documented working solution etc would be gratefully received.

      Cheers,
      Gary

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.