Scott Ullrich wrote:
UHM, isn't that sasyncd which we already have!?!?!?!?
Scott
My thoughts precisely - there's no reason we can't do this very thing,
up to (and very nicely) using 4 machines and at least two ISPs - two
pfSense boxen at each end, synchronized over the [currently available on
pfSense] most excellent sasyncd. The master of one pair would initiate
the IPsec connection to the CARP address of the other pair; each machine
could have its own [redundant?] connection to the 'net, effectively
creating a super-redundant, highly available secure tunnel. Set sasyncd
to synchronize every second (manual tweak of /etc/sasyncd.conf), and
you've mad uptime. Add in a tertiary network on each side to privately
pass pfsync messages between the nodes, and you've a really secure
setup, too.
w00ts!
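For readers unfamiliar with how the sasyncd half of the setup above is wired, here is an added sasyncd.conf sketch for one node of a pair (it is not from the poster or the pfSense project). It assumes the CARP interface is carp0, that the dedicated sync network described in the post is 10.200.0.0/24 with this node at .1 and its partner at .2, and that the shared key lives in a file; all of those names and addresses are assumptions, and the "synchronize every second" tweak the post mentions is left out because its exact directive is not given on the page.

```conf
# /etc/sasyncd.conf for node A of a pfSense/OpenBSD HA pair (assumed values)

# Follow the master/backup state of this CARP interface: only the CARP
# master owns the IPsec SAs, the backup just receives them.
interface carp0

# Bind the sync listener to the private, non-routed sync network so SA
# material never crosses the WAN or the LAN (same idea as the tertiary
# pfsync network in the post).
listen on 10.200.0.1

# The partner node's address on that same private sync network.
peer 10.200.0.2

# Pre-shared key used to authenticate and encrypt the sync traffic;
# must be identical on both nodes and readable only by root.
sharedkey /etc/sasyncd.key
```

The partner node uses the same file with the listen and peer addresses swapped. Keeping both the sasyncd listener and the pfsync traffic on an interface that has no path to the Internet is what makes the "really secure setup" in the post hold: the only thing exposed on the WAN side is the IPsec endpoint itself.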