Dual WAN, Dual VPN, plus partial 1:1 NAT?

  • I'd like to set up the following with pfSense. I have a working system right now with 1 WAN, 1 LAN and an IPSec VPN to another site. Due to uptime issues with the current ISP we have a second connection and another NIC to install. We'd like to have failover between ISP A and ISP B, with the VPN transparently failing over, too. We have static IP addresses on both the ISPs, and there is only one remote endpoint (also static).

    There's one other thing - although this is strictly optional for now. We have 5 IPs from ISP B, I'd like to enable 1:1 NAT for two hosts using these external IP addresses. If necessary these two machines don't need to failover.

    I've seen a few things that might help, including the tutorial on mobile IPSec, and this post. None of them seem to offer a clear path though.

    Any hints on how to get this redundant VPN setup working would be greatly appreciated.

  • VPN failover is not supported currently. All you could do is script some shell magic and cron these scripts. For the multiple IP part on one of the WANs, this is doable. Just create virtual IPs and use them as 1:1 NAT or as a combination of port forward/advanced outbound NAT.

