Netgate Discussion Forum
    Failover with VPN's and multiple sites!

      cyberprog

      <drnick>Hi Everybody!</drnick>

      I have a client for whom I've deployed a pfSense solution. They have two sites in different cities, with both ADSL and SDSL circuits in both locations.
      In each building there are two routers and two pfSense boxes. Each box handles one WAN connection and has a CARP interface to fail between them.
      At present when their primary goes out, they are able to turn off the relevant firewall to cause a CARP event, and the second set of machines and connections take over.
      It's worth mentioning here that the VPNs connect SDSL to SDSL and ADSL to ADSL respectively.
      I've searched long and hard looking for a way to automate the CARP event when the SDSL line goes out, and one thought was to use routing for the VPN, but I can't work out for the life of me where that would go!
      Does anyone have any ideas for how I could achieve this? There's also the potential they'll want a third site linked back to the main site in the future, so I'd like a solution that would scale if possible! Can be some $$$ in it for the right solution as well if that helps…

      Cheers!

      Alex.

        dotdash

        This has been discussed before; here is one example: http://forum.pfsense.org/index.php/topic,6952.msg39451.html#msg39451
        It seems like you might be able to use some kind of script to bring down the LAN interface when the tunnel fails. If you want a non-hack solution, then you might want to post something in the bounties section. Depending on the parameters, you might be able to get a decent amount of support.

          cyberprog

          I think all that's needed is a plugin to force a CARP event should a specified host be unreachable. There used to be one IIRC, but it's been missing for a while…
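
The approach discussed in the replies above (a script that brings down the LAN interface when a specified host is unreachable, so that CARP fails over), written out as an added example that is not part of any post in this thread or of pfSense itself. The interface name `em1`, the address `192.0.2.10`, the thresholds and the function names are assumptions; the counters add hysteresis so a single lost ping does not flap the pair.

```shell
#!/bin/sh
# Added example (not from the thread): drop the LAN interface after repeated
# probe failures so CARP fails over; restore it after sustained recovery.
# MONITOR_HOST must be reachable without the LAN interface (for example the far
# site's WAN address), otherwise the box can never detect recovery.
MONITOR_HOST="${MONITOR_HOST:-192.0.2.10}"  # constructed placeholder address
LAN_IF="${LAN_IF:-em1}"                     # assumed LAN interface name
FAIL_LIMIT="${FAIL_LIMIT:-3}"               # failed probes before forcing failover
OK_LIMIT="${OK_LIMIT:-5}"                   # good probes before restoring
INTERVAL="${INTERVAL:-10}"                  # seconds between probes
PING_CMD="${PING_CMD:-ping}"                # overridable for dry runs
IFCONFIG_CMD="${IFCONFIG_CMD:-ifconfig}"    # overridable for dry runs

# One ICMP probe. FreeBSD ping: -c count, -t overall timeout in seconds.
probe() { $PING_CMD -c 1 -t 2 "$MONITOR_HOST" >/dev/null 2>&1; }

# step STATE COUNT RESULT -> prints "NEWSTATE NEWCOUNT ACTION"
#   STATE  up|down  current state of the LAN interface
#   COUNT  consecutive probes that contradict STATE
#   RESULT ok|fail  outcome of the latest probe
step() {
    state=$1 count=$2 result=$3 action=none
    case "$state:$result" in
        up:fail|down:ok) count=$((count + 1)) ;;
        *)               count=0 ;;
    esac
    if [ "$state" = up ] && [ "$count" -ge "$FAIL_LIMIT" ]; then
        state=down count=0 action=down
    elif [ "$state" = down ] && [ "$count" -ge "$OK_LIMIT" ]; then
        state=up count=0 action=up
    fi
    echo "$state $count $action"
}

# Bring the LAN interface up or down.
apply() { $IFCONFIG_CMD "$LAN_IF" "$1"; }

watch() {
    state=up count=0
    while :; do
        if probe; then result=ok; else result=fail; fi
        set -- $(step "$state" "$count" "$result")
        state=$1 count=$2
        if [ "$3" != none ]; then
            logger -t carp-watchdog "$MONITOR_HOST $result: setting $LAN_IF $3"
            apply "$3"
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = run ]; then watch; fi
```

Setting `IFCONFIG_CMD=echo` before starting it with the `run` argument prints the interface changes instead of making them, which lets the thresholds be checked before the script is trusted with a production pair.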
