OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Is VPN failover possible with OPNsense?
« previous next »
  • Print
Pages: [1]

Author Topic: Is VPN failover possible with OPNsense?  (Read 1807 times)

vince

  • Newbie
  • *
  • Posts: 31
  • Karma: 4
    • View Profile
Is VPN failover possible with OPNsense?
« on: July 11, 2018, 09:36:54 am »
I'm trying different approaches, but so far failed to get somewthing working put together.
Architecture would be something a HA-Setup connected to a PPPoE router on each site. So there is HA for internet access which is pretty seemless, is it possible to achieve something equally seamless for VPNs?

From what I´ve read and tried I recon that:
1) IPsec would need two tunnels per HA box, so four for site-to-site, and I don´t have an idea on how to make the boxes failover to the other tunnel.
2) OpenVPN needs a central server? Client failover seems to be possible, but what about server failover?
3a) ZeroTier seems promissing, but using CARP sometimes works and then doesn´t. When it was working and I tested the failover it stopped working completely. And there is not a lot of documentation on that to work from.
3b) ZeroTier with OSPF seems to be another possibility, but from what I gathered it would take to long to switch to the other route to call it seemless?

Some may ask why I need seemless, well, we have, among other things, SIP traffic running over those tunnels and the calls may not be disconnected.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Is VPN failover possible with OPNsense?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2