Is the following setup viable on pfSense?

Hi,
I have two pfsense boxes, one master and one failover, kept in sync, and I have an external VIP CARP address set up as my endpoint of an IPsec VPN, the other end is at a third party supplier.
The IPsec VPN between my supplier and my pfsense box isn't an issue - use the CARP address as my tunnel endpoint and it should be fine. I have this working on my test network in my office, so I'm pretty confident about this, using just a single web server on my network.
What I am unsure of is how to have my two web servers on my network load balanced to traffic coming in over the VPN. I have supplied my network addresses to the supplier in order to get working configs, but I don't want to have to make them use one or other of the specific IP addresses of my servers. I want to give them a single IP address and then load balance that across my two servers.
I keep seeing things like Binat and extra virtual network addresses for my LAN, but it's a bit above my current understanding.
I think I have visualised the layout as follows:

    web server A 10.10.2.1 }
                           } ==> 46.0.0.1 ==> IPsec VPN ==> 85.0.0.1 ==> 172.16.5.11 (supplier network)
    web server B 10.10.2.2 }

10.10.2.[1-2] are the IP addresses of my web servers on my LAN
46.0.0.1 is my CARP address - my IPsec endpoint
85.0.0.1 is the remote IP address of the supplier - supplier IPsec endpoint
172.16.5.11 is the IP address of the host I need to talk to/will be talking to me on the supplier network

I don't know how to address the load balancer bit from my web servers to the VPN. I'm OK with setting up pools/VIPs to do the load balancing, I just don't know how to work out the addressing to make it work.
Any suggestions, pointers to a documented working solution etc would be gratefully received.
Cheers,
Gary

Sorry, should have added that my pfSense boxes are version 2.1-BETA0 (amd64) built on Thu Nov 8 06:41:07 EST 2012.