To me, it sounds like you want a fully meshed VPN solution and you
should be able to set that up. The mathematical for a fully meshed
network is"
n(n-1)/2
where n = number of locations to connect.
3 locations is not a big deal as
3(3-1)/2 = 3 VPN connections. But if you move to using more
locations, it gets much more complex very quickly. For example,
5(5-1)/2 = 10 VPN connections to configure
7(7-1)/2 = 28 VPN connections to configure
So, it is also possible to configure a hub and spoke type of
communications. It is a much simpler diagram, but if the hub goes down,
all VPN communications between the sites is lost.
On 12/9/2015 8:21 PM, Ted Byers wrote:
> Thanks.
>
> This is good to know. Now, I ask your forbearance as I am a
> programmer, not a network administrator.
>
> My question is this. Suppose I have three sites on different
> continents,each having a DMZ and vault, and within each vault there is
> an instance of a MySQL database. I need these instances of the
> database to function as a cluster using the usual suite of MySQL
> clustering tools for managing such a cluster. but this presupposes the
> databases can talk to each other through the LAN. I thought I might
> manage this by creating a VPN that connects the vaults, but how do I
> ensure that this VPN remains functional for the sites that are up even
> if the site that established the VPN goes down. Or can this VPN be
> entirely peer to peer, not functioning like I'd expect if one had sole
> responsibility as a VPN server and the others as clients thereof.
>
> I am not sure I an even using the right language to describe what I am
> after, but do you understand what I am trying to do, and can I do this
> using pfsense? And if I can, the question is how? In this context,
> ir i OK to be a bit pedantic as, like I said, I develop programs and
> normally leave this sort of question to a network administrator (to
> which I do not have access at present).
>
> Thanks
>
> Ted
>
> On Wed, Dec 9, 2015 at 12:59 PM, C. R. Oldham <[email protected]> wrote:
>> Yes, it can do site-to-site VPN as well as be a server for remote clients.
>>
>> --cro
>>
>>
>> On Tue, Dec 8, 2015 at 10:15 PM, Ted Byers <[email protected]> wrote:
>>
>>> Is it possible to use pfsense as a client, replacing a Checkpoint
>>> UTM-1 Edge W with AES256 ? You see, I have one of these Checkpoint
>>> routers that has failed, and it had been used as a client to a VPN. I
>>> know I can use pfsense to provide VPN access to machines behind it. I
>>> have done this, and use OpenVPN to connect to to the machines
>>> protected by pfsense.
>>>
>>> I suppose I could use OpenVPN as the client, and will investigate
>>> that. But I need to know if pfsense can function as both a server and
>>> as a client (for the unrelated purpose of configuring clusters of LANs
>>> each of which is protected by pfsense, so that regardless of which LAN
>>> fails, the others in the cluster can take over operation of the VPN
>>> connecting them all).
>>>
>>> Thanks
>>>
>>> Ted
>>>
>>> --
>>> R.E.(Ted) Byers, Ph.D.,Ed.D.
>>> _______________________________________________
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>
>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
