Original Message From Eric m on Tuesday, 9 August 2005 12:24 p.m. > Another great and really interesting improvement you can > probably made is a kind of VPN (ipsec) failover.. > > Imagine, Two pfSense gateway that establish a VPN betwenn > two sites using > wan1 and constantly monitoring the active link between > endpoints. In the case of a VPN tunnel failing, the tunnel > will be re-establish using the wan 2. And the change the > route to be sure all local traffic between two site will go > thru the new tunnel, until the first can be go up again.
Wouldn't it be better to have each of two boxes connected to a separate box each on the remote side, with two separate VPNs, but with CARP on the LAN IP of each of the 4 boxes? That would give some pretty amazing redundant capacity :) - William
