Failover with VPN's and multiple sites!

  • <drnick>Hi Everybody!</drnick>

    I have a client who i've deployed a pfsense solution who have two sites in different cities, with both ADSL and SDSL circuits in both locations.
    In each building there are two routers and two pfsense boxes. Each box handles one WAN connection, and have a CARP interface to fail between them.
    At present when their primary goes out, they are able to turn off the relevant firewall to cause a CARP event, and the second set of machines and connections take over.
    It's worth mentioning here that the VPN's connect SDSL to SDSL and ADSL to ADSL respectivley.
    I've searched long and hard looking for a way to automate the CARP event when the SDSL line goes out, and one thought was to use routing for the VPN, but I can't work out for the life of me where that would go!
    Does anyone have any ideas for how I could achieve this? There's also the potential they'll want a third site linked back to the main site in the future, so I'd like a solution that would scale if possible! Can be some $$$ in it for the right solution as well if that helps…



  • This had been discussed before, here is one example:,6952.msg39451.html#msg39451
    It seems like you might be able to use some kind of script to bring down the LAN interface when the tunnel fails. If you want a non-hack solution, then you might want to post something in the bounties section. Depending on the parameters, you might be able to get a decent amount of support.

  • I think all that's needed is a plugin to force a carp event should a specified host be unreachable, there used to be one IIRC, but it's been missing for a while…

Log in to reply