Concurrent IPSec VPN from branch to Head Office

Started by chrisb, July 19, 2024, 11:57:58 AM

Hi There,

I am brand new to OPNsense; we plan to use it very soon.
Is it possible to configure concurrent IPSec VPN connections from a branch to the Head Office, with unreliable Internet connections at the branches?

July 19, 2024, 02:30:02 PM #1 Last Edit: July 19, 2024, 02:33:52 PM by Monviech
You can use a mix of:
- Multiple IPsec Tunnels routed over different WANs
- GRE over IPsec, alternatively VXLAN over IPsec
- OSPF, BGP or another kind of routing protocol over the GRE or VXLAN. (There's a "os-frr" plugin for dynamic routing protocols)

Combining these features will dynamically route traffic, e.g. between two OPNsense Firewalls, even when one IPsec Tunnel fails.

Though, it probably won't prevent packet-loss-related problems, and I'm not sure it will do a seamless transition that keeps all sessions and streams active (e.g. no VOIP interruption). It's mostly just for when one line fails.

Both sides have to support these features.
Hardware:
DEC740
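
The combination described in the reply above (two IPsec tunnels over different WANs, a GRE tunnel inside each, OSPF across both) could look like this on the branch side in plain FRR configuration syntax. This is an added example, not part of the thread and not configuration from either poster; the interface names `gre0`/`gre1`, all addresses, the router ID and the key placeholder are assumptions.

```frr
! Branch firewall. All values are constructed for illustration.
! Assumed layout:
!   gre0 = GRE tunnel carried inside the IPsec tunnel over WAN1 (preferred)
!   gre1 = GRE tunnel carried inside the IPsec tunnel over WAN2 (backup)
!   192.168.10.0/24 = branch LAN to announce to Head Office
! Tunnel addresses are set on the interfaces by the firewall itself,
! not in this file.
!
interface gre0
 ip ospf area 0
 ip ospf network point-to-point
 ! Lower cost: this path is used while its adjacency is up.
 ip ospf cost 10
 ! Neighbour declared down after 4 s without hellos; traffic then
 ! moves to gre1. Sessions pause for that long, so this is failover,
 ! not a seamless handover.
 ip ospf hello-interval 1
 ip ospf dead-interval 4
 ! Authenticate the adjacency in addition to the IPsec protection.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <OSPF_KEY_PLACEHOLDER>
!
interface gre1
 ip ospf area 0
 ip ospf network point-to-point
 ! Higher cost: only used when gre0's adjacency is lost.
 ip ospf cost 100
 ip ospf hello-interval 1
 ip ospf dead-interval 4
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <OSPF_KEY_PLACEHOLDER>
!
! Announce only the branch LAN, nothing else that happens to be connected
! (WAN subnets, management networks).
ip prefix-list BRANCH-LAN seq 10 permit 192.168.10.0/24
!
route-map CONNECTED-TO-OSPF permit 10
 match ip address prefix-list BRANCH-LAN
!
router ospf
 ospf router-id 10.255.255.2
 ! OSPF runs only on gre0/gre1 (enabled per interface above), so no
 ! adjacency can form on the WAN or LAN side.
 redistribute connected route-map CONNECTED-TO-OSPF
```

The Head Office side mirrors this with its own router ID and LAN prefix; the timers and the key must match on both ends of each tunnel.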