4. Need help with setting up a vpn for failover/redundancy

Need help with setting up a vpn for failover/redundancy

  • S

    Good evening,

    I have 3 (main, and 2 branch ) offices total that are connected using metro-e.  Each location has public internet to be used as a backup connection.  Only the main branch has pfsense.  The other 2 have junipers.

    I can get a tunnel up without any problem.  The issue I have is how do I set up the failover?  I know how to do this with route based tunnels, but pfsense doesn't support route based vpn tunnels.  Is there a guide or a how to when using rule based vpns?

    Thanks,

    0
  • G

    IPsec failover needs dynamic DNS, so you set the local interface as a gateway group, and on the remote host you set the destination to the dynamic DNS host you have tied to the gateway group. Of course, you need to be able to specify a resolvable host instead of an IP on the other side, and also make sure that you don't have issues with cached DNS responses and stuff alike (no idea how Juniper handles this).

    For example, I have implemented failover IPsec between pfSense and MikroTik routers by setting a script on the MikroTiks that resolves the dynamic DNS entry every minute and updates its IPsec config whenever necessary (pretty much what pfSense does behind the scenes).

    Regards!

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy