Netgate Discussion Forum

    IPSEC Backup Tunnel

      tacochowder13

      I'm trying to replace a bunch of SonicWalls with pfSense boxes. SonicWall has this feature where you can put in a backup IP for each peer. Is there any solution in pfSense that would allow you to do a backup tunnel?

      We have a pfSense cluster in our primary datacenter. We have our own IP space here, which is advertised via BGP to multiple ISPs, so this essentially never goes down. Then we have a bunch of remote offices that use redundant ISPs and a pair of SonicWalls at each one.

      I have to set up VPN to all the SonicWalls. I have this all up and working, but I need a way to do tunnels to each SonicWall's backup ISP in the event the primary fails. I was thinking I'd just copy the tunnel on the pfSense cluster, change the IP to the backup ISP IP, and set it to listen only. Will this work on pfSense?

      To make it slightly harder, what if I have a pair of pfSense boxes on both sides? Only one side would have two ISP links. Is there any way to do IPsec redundancy in this scenario?

        djamp42

        I haven't done this since pfSense 1.2.3, but you should be able to run two pfSense in a CARP setup, and if you point your IPsec tunnel to the shared CARP WAN IP it should work. I don't see any reason you wouldn't be able to do this on both sides.
