Re: [pfSense] Remote office redundancy

2014-04-09 Thread Vick Khera
On Wed, Apr 9, 2014 at 10:57 AM, Seth Mos wrote: > Uhm, yeah, oversight on my part when I built this. Also, I didn't have a > RFC2136 server to talk to. So instead of adding something broken I > didn't add it at all. If you can tell me where the moving parts are, I will try to build it. So far I

Re: [pfSense] Remote office redundancy

2014-04-09 Thread Seth Mos
On 9-4-2014 16:50, Vick Khera wrote: > I just dug up this old thread to implement IPsec and OpenVPN failover > coming to my main office from a remote location. The main office > already has a gateway group for the two different ISPs, so my first > step is to set up a dynamic DNS for it. > > This i

Re: [pfSense] Remote office redundancy

2014-04-09 Thread Vick Khera
I just dug up this old thread to implement IPsec and OpenVPN failover coming to my main office from a remote location. The main office already has a gateway group for the two different ISPs, so my first step is to set up a dynamic DNS for it. This is where I get stuck... the RFC2136 client portion

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Seth Mos
On 23-5-2013 17:17, Peter Milazzo wrote: > Hi All, > > I have a remote office running version 2.0.3 with a T1 that has been > stable for years and recently added a Cable connection on a second WAN > port for faster web browsing etc... both connections are setup for > failover. There is also an IPs

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Jim Pingle
On 5/23/2013 11:38 AM, Vick Khera wrote: > > On Thu, May 23, 2013 at 11:17 AM, Peter Milazzo > > wrote: > > My questions are, do I need to setup a second IPsec tunnel for the > cable connection (which I believe you can't do) if it fails over >

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Adam Stasiak
I have a similar setup running over OpenVPN tunnels. My guess would be you won't be able to do it over an IPSEC tunnel, because it happens at too low of a level to be able to interact with it using OSPF or BGP. I use OpenBGPd (running on the pfsense firewall) and it will fail over to the secondary

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Matthias May
Am 23.05.2013 17:53, schrieb Chris Bagnall: On 23/5/13 4:50 pm, Vick Khera wrote: Still, what happens if site 1 wan1 goes down, and site 2 wan 2 goes down? I suppose theoretically you could have 4 VPNs: 1 - 1 1 - 2 2 - 1 2 - 2 Though the OSPF rules to do that would be... interesting, to say t

Re: [pfSense] Remote office redundancy

2013-05-23 Thread master8...@aol.com
On 5/23/2013 11:55 AM, Chris Bagnall wrote: On 23/5/13 4:46 pm, master8...@aol.com wrote: And I use Quagga OSPF to handle the routing/failover. Shame it can't all be done on the pfSense box though. I seem to recall there was an OSPF package in the dim and distant past, but I've no idea if it

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:46 pm, master8...@aol.com wrote: And I use Quagga OSPF to handle the routing/failover. Shame it can't all be done on the pfSense box though. I seem to recall there was an OSPF package in the dim and distant past, but I've no idea if it's still being maintained... Kind regards,

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Peter Milazzo
On Thu, May 23, 2013 at 11:50 AM, Vick Khera wrote: > > On Thu, May 23, 2013 at 11:42 AM, Chris Bagnall > wrote: >> >> I wonder if you could, for example, create two OpenVPN connections which >> run at all times - WAN1 to WAN1 and WAN2 to WAN2, then load balance or >> failover between those? > >

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:50 pm, Vick Khera wrote: Still, what happens if site 1 wan1 goes down, and site 2 wan 2 goes down? I suppose theoretically you could have 4 VPNs: 1 - 1 1 - 2 2 - 1 2 - 2 Though the OSPF rules to do that would be... interesting, to say the least :-) Kind regards, Chris -- This

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Vick Khera
On Thu, May 23, 2013 at 11:42 AM, Chris Bagnall wrote: > I wonder if you could, for example, create two OpenVPN connections which > run at all times - WAN1 to WAN1 and WAN2 to WAN2, then load balance or > failover between those? Still, what happens if site 1 wan1 goes down, and site 2 wan 2 goes

Re: [pfSense] Remote office redundancy

2013-05-23 Thread master8...@aol.com
On 5/23/2013 11:42 AM, Chris Bagnall wrote: On 23/5/13 4:38 pm, Vick Khera wrote: As far as I know, there is no automatic way to have a "backup" IPsec connection. I wonder if the situation is any better with another 'type' of VPN - i.e. OpenVPN? I wonder if you could, for example, create tw

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:38 pm, Vick Khera wrote: As far as I know, there is no automatic way to have a "backup" IPsec connection. I wonder if the situation is any better with another 'type' of VPN - i.e. OpenVPN? I wonder if you could, for example, create two OpenVPN connections which run at all times

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Vick Khera
On Thu, May 23, 2013 at 11:17 AM, Peter Milazzo < peter.mila...@somersetcapital.com> wrote: > My questions are, do I need to setup a second IPsec tunnel for the cable > connection (which I believe you can't do) if it fails over and what will > the routing look like? Is there a better way to set t

[pfSense] Remote office redundancy

2013-05-23 Thread Peter Milazzo
Hi All, I have a remote office running version 2.0.3 with a T1 that has been stable for years and recently added a Cable connection on a second WAN port for faster web browsing etc... both connections are setup for failover. There is also an IPsec tunnel that is configured to connect this office w