OPNsense Forum

English Forums => Development and Code Review => Topic started by: kapara on March 12, 2020, 07:37:12 pm

Title: IPSEC Failover Management plugin?
Post by: kapara on March 12, 2020, 07:37:12 pm
I would be really interested in finding someone that could develop a VPN failover control solution possibly as a plugin.

It does not make sense why this cannot be an easy solution.

What I envision is as follows:

The ability for 2 firewalls to communicate with each other over SSL/HTTPS over a single or dual WAN setup.

It will allow the sharing of information as to which WAN connections are up to allow each firewall to determine which IPSEC tunnel to disable or enable based on defined criteria.

For example:

Site A has a single static WAN
Site B has 2 single static WANs in failover

Both sites have 2 (P1 and P2) IPsec configurations so that VPN can work across all WAN interfaces.

Depending on which interface is up or down, the 2 firewalls will communicate this info and, based on the info, will disable or enable the respective tunnel. This can also be weighted so when a primary WAN comes back up it will fail the tunnel back over.

If I do not see any interest in this I will try my luck on Upwork, but it would be great to see if anyone else is interested and find someone to build this out, as it is a feature that is available in pretty much every other firewall solution.
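
The selection logic described in the post above, as an added example (not part of the original post and not OPNsense code): both firewalls feed the same WAN status reports into one deterministic function and enable the highest-weight tunnel whose WANs are up on both ends, which also gives failback when the primary returns. The tunnel names, report format, `MAX_AGE` value and the "make no change on stale data" rule are assumptions.

```python
from dataclasses import dataclass

MAX_AGE = 30  # seconds before a status report counts as stale (assumed value)

@dataclass(frozen=True)
class Tunnel:
    name: str     # label both firewalls share for one P1/P2 pair (hypothetical)
    ends: tuple   # ((site, wan), (site, wan)): the WAN each site uses for it
    weight: int   # higher weight = preferred path

def fresh(reports, now):
    """True only if every report was produced within MAX_AGE seconds."""
    return all(now - r["ts"] <= MAX_AGE for r in reports.values())

def plan(tunnels, reports, now):
    """Return {tunnel name: enabled?} with at most one tunnel enabled,
    or None (make no change) when any site's report is missing or stale."""
    sites = {site for t in tunnels for site, _ in t.ends}
    if not sites <= set(reports) or not fresh(reports, now):
        return None
    def usable(t):
        return all(reports[s]["wans"].get(w) == "up" for s, w in t.ends)
    # Both firewalls run this on the same data; the tie-break on name makes
    # them pick the same tunnel without any further negotiation.
    best = max(filter(usable, tunnels),
               key=lambda t: (t.weight, t.name), default=None)
    return {t.name: t is best for t in tunnels}

# Constructed sample data matching the topology in the post:
# Site A has one WAN, Site B has a primary and a backup WAN.
TUNNELS = [
    Tunnel("a-b-primary", (("A", "wan"), ("B", "wan1")), 100),
    Tunnel("a-b-backup", (("A", "wan"), ("B", "wan2")), 50),
]

def report(ts, **wans):
    """Build one site's status report (constructed format)."""
    return {"ts": ts, "wans": wans}

if __name__ == "__main__":
    a = report(1000, wan="up")
    print(plan(TUNNELS, {"A": a, "B": report(1000, wan1="down", wan2="up")}, 1005))
    print(plan(TUNNELS, {"A": a, "B": report(1000, wan1="up", wan2="up")}, 1005))
```

Returning `None` on stale or missing reports keeps a firewall from tearing down a working tunnel just because the status channel between the sites is unreachable.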
Title: Re: IPSEC Failover Management plugin?
Post by: mimugmail on March 12, 2020, 09:46:40 pm
It will be hacky with IPsec; also, all commercial vendors with these one-click solutions drive a hackery inside.
Just use OpenVPN, which will achieve this out of the box.
Title: Re: IPSEC Failover Management plugin?
Post by: kapara on March 17, 2020, 05:07:16 pm
Regretfully, some of my customers can only support IPSEC, and also I have seen worse performance in OpenVPN over IPSEC.