Netgate Discussion Forum

    Is the following setup viable on pfsense?

      saxmad

      Hi,

      I have two pfsense boxes, one master and one failover, kept in sync, and I have an external VIP CARP address set up as my endpoint of an IPsec VPN; the other end is at a third-party supplier.

      The IPsec VPN between my supplier and my pfsense box isn't an issue - use the CARP address as my tunnel endpoint and it should be fine.  I have this working on my test network in my office, so I'm pretty confident about this, using just a single web server on my network.

      What I am unsure of is how to have my two web servers on my network load balanced to traffic coming in over the VPN.  I have supplied my network addresses to the supplier in order to get working configs, but I don't want to have to make them use one or other of the specific IP addresses of my servers.  I want to give them a single IP address and then load balance that across my two servers.

      I keep seeing things like Binat and extra virtual network addresses for my LAN, but it's a bit above my current understanding.

      I think I have visualised the layout as follows:

      web server A } ==> IPsec VPN ==> supplier network
      web server B

      10.10.2.1  ==>  46.0.0.1  85.0.0.1 ==> 172.16.5.11
      10.10.2.2

      10.10.2.[1-2] are the IP addresses of my web servers on my LAN
      46.0.0.1 is my CARP address - my IPsec endpoint
      85.0.0.1 is the remote IP address of the supplier - supplier IPsec endpoint
      172.16.5.11 is the IP address of the host I need to talk to/will be talking to me on the supplier network

      I don't know how to address the load balancer bit from my web servers to the VPN.  I'm OK with setting up pools/VIPs to do the load balancing, I just don't know how to work out the addressing to make it work.

      Any suggestions, pointers to a documented working solution etc would be gratefully received.

      Cheers,
      Gary

        saxmad

        Sorry, should have added that my pfsense boxes are version 2.1-BETA0 (amd64) built on Thu Nov 8 06:41:07 EST 2012
