Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ipsec VPN using one ISP and backup with other ISP

    IPsec
    2
    2
    589
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      santiagohoyos
      last edited by

      Hi,

      Hi have a customer that have a Ipsec VPn with a provider and now like to user other IPS to setup a backup for this VPN.

      The idea is use two ISP with diferente provider one is the principal and the other with backup.

      We need that in case the principal channel down use the backup and up the IPSec VPN for this channel.

      Is it possible ?

      1 Reply Last reply Reply Quote 0
      • 3
        3vian
        last edited by

        You can achieve this with either a dual-circuit connection (usually fairly expensive) or by updating DNS records.

        I don't think PFSense has the built-in functionality to update the DNS records if one WAN is down (please feel free to correct me), so you could use a provider like DNSMadeEasy and their DNS Failover.

        I think you would need to create a gateway group and use it for the IPsec interface.

        [EDIT]

        Apparently the DynDNS can use a gateway group too so no need for the likes of DNSMadeEasy.

        @jimp:

        It should work fine though for pfSense to pfSense you need both the IPsec tunnel set to a failover gateway group and a DynDNS entry set to the same failover gateway group, and then use that dyndns host as the remote peer address for the other side.

        Then when WAN1 fails to WAN2, the dyndns IP changes, so the far side knows to accept the new peer, and that's where IPsec will start connecting from.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post