1. Home
  2. pfSense® Software
  3. IPsec
  4. Need help with setting up a vpn for failover/redundancy

Need help with setting up a vpn for failover/redundancy

  • S

    Good evening,

    I have 3 (main, and 2 branch ) offices total that are connected using metro-e.  Each location has public internet to be used as a backup connection.  Only the main branch has pfsense.  The other 2 have junipers.

    I can get a tunnel up without any problem.  The issue I have is how do I set up the failover?  I know how to do this with route based tunnels, but pfsense doesn't support route based vpn tunnels.  Is there a guide or a how to when using rule based vpns?

    Thanks,

    0
  • G

    IPsec failover needs dynamic DNS, so you set the local interface as a gateway group, and on the remote host you set the destination to the dynamic DNS host you have tied to the gateway group. Of course, you need to be able to specify a resolvable host instead of an IP on the other side, and also make sure that you don't have issues with cached DNS responses and stuff alike (no idea how Juniper handles this).

    For example, I have implemented failover IPsec between pfSense and MikroTik routers by setting a script on the MikroTiks that resolves the dynamic DNS entry every minute and updates its IPsec config whenever necessary (pretty much what pfSense does behind the scenes).

    Regards!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy