Can I do this with pfSense and IPsec?

  • Hi,

    I have a working IPsec VPN connection from my test network in my office to a supplier. My end is just a single pfSense box allowing access to a single host on my network.

    I now have to migrate this to our production network in our data centre. My setup there is a bit different. I have two pfSense firewalls, one master and one failover, kept in sync with VIP/CARP. I also have two webservers that will need to be accessed by the supplier on one of my LAN segments. These servers run multiple different web sites, and are load balanced over a number of incoming public IP addresses and port numbers (80 and 443). This all works great.

    What I would like to know is if it is possible to set up an IPsec VPN with the supplier, just like on my working test system, but have the VPN fail over using VIP/CARP and also have access to my web servers over the VPN via load balancing.

    I'm kind of OK with using a free public IP address as a VIP/CARP address to make sure the VPN will start back up in the event of a failure of the main firewall, but I can't get my head round how to do the load balancing bit properly.

    Any suggestions, pointers to a documented working solution, etc. would be gratefully received.


