Two sites with direct link
-
Hello,
I have two VDSL sites with pfsense boxes connected to Internet. Site-to-Site VPN is configured. To set up backup/redunduncy, I have manage to set up radio link between these two sites (there is optical sight, 3 km, stable connection). Now I am considering what design to provide full failover: if Wan1 goes down, Wan2 goes down or radio link gos down. I am considering to use this radio to connect pfsense boxes directly (L3 connection) and route traffic primarly between sites, and if this link fails use VPN. If either of Wan connections goes down, use the other one.Is there any better solution to accomplish redundancy according to setup? I was also thinking connecting the switches (connected to pfsense boxes) over radio, but I think there will be problem with routing/CARP?
Thank you!
-
using a dynamic routing protocol like quagga-ospf is my preferred option for doing something like that.
-
Is it possible to do selective load balance with quagga? (aka VoIP use primarly Wan1, and the rest uses Wan2, utilazing PBR based on tracking gateway)
-
quagga only creates routes …. and can currently only do failover, because pfsense can not have 2 routes towards the same destination at the same time.
if you want to split certain services over different interfaces you are going to have to mess with gateway(groups) by assigning interfaces to your vpn's
-
can second pfsense box be aware that wan1 on first pfsense is down, and use different gateway group?
-
can second pfsense box be aware that wan1 on first pfsense is down, and use different gateway group?
Assuming that is L3 connection between them (OSPF).