Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Concurrent IPSec VPN from branch to Head Office
« previous
next »
Print
Pages: [
1
]
Author
Topic: Concurrent IPSec VPN from branch to Head Office (Read 447 times)
chrisb
Newbie
Posts: 3
Karma: 0
Concurrent IPSec VPN from branch to Head Office
«
on:
July 19, 2024, 11:57:58 am »
Hi There,
I am brand new to OPNsense, we plan use it very soon.
Is it possible to configure concurrent IPSec VPN connections from a branch to the Head Office, unreliable Internet connections at the branches?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1601
Karma: 176
Re: Concurrent IPSec VPN from branch to Head Office
«
Reply #1 on:
July 19, 2024, 02:30:02 pm »
You can use a mix of:
- Multiple IPsec Tunnels routed over different WANs
- GRE over IPsec, alternatively VXLAN over IPsec
- OSPF, BGP or another kind of routing protocol over the GRE or VXLAN. (There's a "os-frr" plugin for dynamic routing protocols)
Combining these features will dynamically route traffic, e.g. between two OPNsense Firewalls, even when one IPsec Tunnel fails.
Though, it probably won't prevent packet loss related problems, and I'm not sure it will do a seamless transition that keeps all sessions and streams active (e.g. no VOIP interruption). Its mostly just for when one line fails.
Both sides have to support these features.
«
Last Edit: July 19, 2024, 02:33:52 pm by Monviech
»
Logged
Hardware:
DEC740
chrisb
Newbie
Posts: 3
Karma: 0
Re: Concurrent IPSec VPN from branch to Head Office
«
Reply #2 on:
July 19, 2024, 04:32:38 pm »
Thank you very much for the recommendation.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Concurrent IPSec VPN from branch to Head Office