OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: vince on July 11, 2018, 09:36:54 am

Title: Is VPN failover possible with OPNsense?
Post by: vince on July 11, 2018, 09:36:54 am
I'm trying different approaches, but so far failed to get something working put together.
Architecture would be something like an HA setup connected to a PPPoE router on each site. So there is HA for internet access which is pretty seamless, is it possible to achieve something equally seamless for VPNs?

From what I've read and tried I reckon that:
1) IPsec would need two tunnels per HA box, so four for site-to-site, and I don't have an idea on how to make the boxes fail over to the other tunnel.
2) OpenVPN needs a central server? Client failover seems to be possible, but what about server failover?
3a) ZeroTier seems promising, but using CARP sometimes works and then doesn't. When it was working and I tested the failover it stopped working completely. And there is not a lot of documentation on that to work from.
3b) ZeroTier with OSPF seems to be another possibility, but from what I gathered it would take too long to switch to the other route to call it seamless?

Some may ask why I need seamless, well, we have, among other things, SIP traffic running over those tunnels and the calls may not be disconnected.