Yes, interesting, but CARP/sasyncd do redundancy at (read: between) firewall devices. With the currently built-in vpn-failover we have redundancy between two pf/firewall boxes, in case one is going down. (I mean, using 1 WAN CARP device, the VPN can go out and reach the other side from one or the other firewall, without any re-connect.) Great!
But always using the same ISP uplink. Did I miss something??

I mean, it's really good to have IPsec redundancy between 2 firewalls, but I need to be able to establish/redirect/re-route/whatever! ;-) the traffic to the other site using the other ISP when one ISP is going down.

Yes, I can, at the same time, connect 2 IPsec VPNs between our 2 sites: 1 using the first ISP, and the second link using the second ISP. But can I have the same local and remote subnet for these two IPsec VPNs? I can't do outgoing load balancing to the remote IPsec subnet between two IPsec tunnels connecting the 2 same sites in parallel!?

Regards,
-eric.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, August 08, 2005 9:50 PM
To: Chris Buechler
Cc: [email protected]
Subject: Re: [pfSense-discussion] VPN failover add-on

UHM, isn't that sasyncd which we already have!?!?!?!?

Scott

On 8/8/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On 8/8/05, Eric m <[EMAIL PROTECTED]> wrote:
> > Hi guys!
> >
> > You are talking about load balancing in previous thread.. In the same way..
> >
> > Another great and really interesting improvement you can probably make is a
> > kind of VPN (ipsec) failover..
> >
>
> This already works fine with CARP, though it requires re-establishing
> the tunnels so it takes about 3 seconds to fail over. sasyncd is
> being worked on (or might work already), which syncs the SAD between
> hosts so the failover is instant.
>
> -cmb
