4. Ipsec VPN using one ISP and backup with other ISP

Ipsec VPN using one ISP and backup with other ISP

  • S

    Hi,

    Hi have a customer that have a Ipsec VPn with a provider and now like to user other IPS to setup a backup for this VPN.

    The idea is use two ISP with diferente provider one is the principal and the other with backup.

    We need that in case the principal channel down use the backup and up the IPSec VPN for this channel.

    Is it possible ?

    0
  • 3

    You can achieve this with either a dual-circuit connection (usually fairly expensive) or by updating DNS records.

    I don't think PFSense has the built-in functionality to update the DNS records if one WAN is down (please feel free to correct me), so you could use a provider like DNSMadeEasy and their DNS Failover.

    I think you would need to create a gateway group and use it for the IPsec interface.

    [EDIT]

    Apparently the DynDNS can use a gateway group too so no need for the likes of DNSMadeEasy.

    @jimp:

    It should work fine though for pfSense to pfSense you need both the IPsec tunnel set to a failover gateway group and a DynDNS entry set to the same failover gateway group, and then use that dyndns host as the remote peer address for the other side.

    Then when WAN1 fails to WAN2, the dyndns IP changes, so the far side knows to accept the new peer, and that's where IPsec will start connecting from.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy