OPNsense Forum » English Forums » High availability » Failover with VPN Tunnel
Topic: Failover with VPN Tunnel (Read 1704 times)
DeeGee
Failover with VPN Tunnel « on: March 26, 2022, 01:21:25 pm »
I've got some local failover using CARP/VIP with my two OPNsenses. Now I'd like to expand this so that the VPN connectivity also fails over. Right now it depends on LocalOpn1 being up. I'm using WireGuard for VPN.
RemotePf1:
LAN IPv4: 192.168.20.1/24
LAN IPv6: 2000:abc:1111::1/64
This machine is also routing the whole 2000:abc::/56
LocalOpn1 (primary):
LAN IPv4: 192.168.5.254/24
LAN IPv6: 2000:abc:2222::254/64
LocalOpn2 (backup):
LAN IPv4: 192.168.5.253/24
LAN IPv6: 2000:abc:2222::253/64
LocalOpn1 gets a /60-net from RemotePf1's /56-net.
I use CARP/VIP on the two locals to assign them 192.168.5.1 and 2000:abc:2222::1
RemotePf1 is the exit node for all IPv6 traffic.
How can I get this two-to-one VPN setup to work?
DeeGee
Re: Failover with VPN Tunnel « Reply #1 on: April 23, 2022, 05:16:29 pm »
For anyone running into this thread, I ended up using a single tunnel instead of two and turning it off/on using hooks as mentioned by spali and jprenken in https://forum.opnsense.org/index.php?topic=25993.0 and https://gist.github.com/jprenken/18ca7bf14ddae547ae0fdf6f56d72573.
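The approach described in the reply above, sketched as an added example (not part of the thread and not the code from the linked gist): a hook that brings the single WireGuard tunnel up on the CARP master and down in every other state. The argument format (`<vhid>@<interface>` plus the new state), the interface name `wg0`, VHID `1`, the use of `wg-quick`, and both nodes carrying the same tunnel configuration are assumptions.

```shell
#!/bin/sh
# Added example: CARP-driven WireGuard toggle. Not the code from the linked gist.
# Assumptions: the hook is called as  <script> "<vhid>@<iface>" <STATE>,
# the tunnel interface is wg0, the watched VHID is 1, wg-quick is installed.
WG_IF="${WG_IF:-wg0}"
WATCH_VHID="${WATCH_VHID:-1}"

# Map one CARP event to "up", "down" or "ignore".
decide_action() {
    subsystem="$1"; state="$2"
    case "$subsystem" in
        *@*) vhid="${subsystem%%@*}" ;;
        *)   echo ignore; return 0 ;;   # malformed event: leave the tunnel alone
    esac
    # Events for other VIPs must not flap the tunnel.
    [ "$vhid" = "$WATCH_VHID" ] || { echo ignore; return 0; }
    case "$state" in
        MASTER) echo up ;;
        # BACKUP, INIT and anything unexpected: fail closed, so that only one
        # node at a time presents the shared tunnel key to the remote peer.
        *)      echo down ;;
    esac
}

# Build the command for an action; print it if DRY_RUN=1, otherwise run it.
apply_action() {
    case "$1" in
        up)   cmd="wg-quick up $WG_IF" ;;
        down) cmd="wg-quick down $WG_IF" ;;
        *)    return 0 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
    else
        logger -t carp-wg "CARP event -> $cmd"
        $cmd
    fi
}

# Act only when invoked with hook arguments.
if [ "$#" -ge 2 ]; then
    apply_action "$(decide_action "$1" "$2")"
fi
```

Running the script by hand with `DRY_RUN=1` and a sample event prints the command it would execute, which is a quick check before relying on it during a real failover.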