Netgate Discussion Forum

    Need help with setting up a vpn for failover/redundancy

      speedy3k

      Good evening,

      I have 3 (main and 2 branch) offices total that are connected using metro-e. Each location has public internet to be used as a backup connection. Only the main branch has pfSense. The other 2 have Junipers.

      I can get a tunnel up without any problem. The issue I have is how do I set up the failover? I know how to do this with route-based tunnels, but pfSense doesn't support route-based VPN tunnels. Is there a guide or a how-to when using rule-based VPNs?

      Thanks,

        georgeman

        IPsec failover needs dynamic DNS, so you set the local interface as a gateway group, and on the remote host you set the destination to the dynamic DNS host you have tied to the gateway group. Of course, you need to be able to specify a resolvable host instead of an IP on the other side, and also make sure that you don't have issues with cached DNS responses and stuff alike (no idea how Juniper handles this).

        For example, I have implemented failover IPsec between pfSense and MikroTik routers by setting a script on the MikroTiks that resolves the dynamic DNS entry every minute and updates its IPsec config whenever necessary (pretty much what pfSense does behind the scenes).

        Regards!

        If it ain't broke, you haven't tampered enough with it
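Added example, not part of the thread and not either poster's configuration: a Python sketch of the re-resolve-and-update loop the reply above describes, run once per polling interval on the remote side. `PeerWatcher`, the `apply_peer` hook, `replay`, the `confirm` threshold and the hostname `vpn.example.net` are assumptions for illustration; requiring two identical answers before switching is one way to ride out a stale cached DNS response, and the addresses are constructed documentation addresses.

```python
import ipaddress
import socket

def resolve_ipv4(hostname):
    """Return the IPv4 addresses the name resolves to right now (sorted, unique)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})

class PeerWatcher:
    """Follow a dynamic DNS name and re-point an IPsec peer when it moves."""
    def __init__(self, hostname, apply_peer, resolver=resolve_ipv4, confirm=2):
        self.hostname = hostname
        self.apply_peer = apply_peer  # hypothetical hook that rewrites the peer address
        self.resolver = resolver      # injectable so the logic can be tested offline
        self.confirm = confirm        # identical answers required before switching
        # current = address the tunnel points at; candidate = address being confirmed
        self.current, self.candidate, self.seen = None, None, 0

    def poll(self):
        """Run once per interval (for example every minute); returns what happened."""
        try:
            answers = self.resolver(self.hostname)
            addr = ipaddress.ip_address(answers[0])
        except (OSError, IndexError, ValueError):
            # Lookup failed, was empty or unparsable: leave the tunnel where it is.
            self.candidate, self.seen = None, 0
            return "resolve-failed"
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            self.candidate, self.seen = None, 0
            return "rejected"         # never point the tunnel at a nonsensical peer
        addr = str(addr)
        if addr == self.current:
            self.candidate, self.seen = None, 0
            return "unchanged"
        if addr != self.candidate:
            self.candidate, self.seen = addr, 0
        self.seen += 1
        if self.seen < self.confirm:
            return "pending"          # wait for the same answer again
        self.current, self.candidate, self.seen = addr, None, 0
        self.apply_peer(addr)
        return "updated"

def replay(answers_per_poll, confirm=2):
    """Feed constructed DNS answers through a watcher; return (results, applied)."""
    applied = []
    feed = iter(answers_per_poll)
    watcher = PeerWatcher("vpn.example.net", applied.append,
                          resolver=lambda _name: next(feed), confirm=confirm)
    return [watcher.poll() for _ in answers_per_poll], applied
```

In real use `apply_peer` would call whatever the remote device offers for changing the peer address, and `poll()` would be driven by a one-minute scheduler.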
