4. IPSEC failover ?

IPSEC failover ?

  • F

    Core 1 : XYZ
    Core 2 : ABC

    Both core locations have the same subnet ranges. Linked together by a MPLS connection.

    Would there be a solution to allow remote branches to connect to Core1, and if that would be down to Core2?
    I could create both IPSEC tunnels at the same time, but since all phase 2's would be identical… Would the second VPN just not connect?

    Routing options it not possible with IPSEC, OpenVPN is not an option (external parties).

    Any ideas?

    0
  • Rebel Alliance Developer Netgate

    That's not currently possible at the moment with multiple tunnels, however you can still pull it off with a single tunnel.

    For the "Core" side use a hostname in DNS that will resolve to whichever one is up (like DynDNS) – and then use that hostname as your Phase 1 IPsec peer in pfSense.

    If the other settings (key, P2 nets, etc) are all the same then pfSense won't care which one it connects to, it will follow the hostname.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy