FreeBSD
Dmitry Shitskov, 2016-10-07 10:08:32

How to set up a failover IPsec tunnel on FreeBSD?

Good afternoon!
There is an office under my control with a gateway on FreeBSD (1 provider) and a remote office of a "friendly" company with pfSense (2 providers).
On pfSense, failover is configured for 2 providers, and the IPsec tunnel comes up on either of the interfaces. The providers there go down alternately with enviable regularity.
Tell me, can I bring up 2 tunnels on my FreeBSD to the same remote subnet? Or will I have to cobble together up/down scripts and switch tunnels when one of the providers goes down?


2 answer(s)
cssman, 2016-10-07
@cssman

Only crutches with scripts :(
Does the provider provide L2 or L3? You can try LACP if L2?

athacker, 2016-10-07
@athacker

Dynamic routing will save the noble don. Bring up two BGP sessions in both tunnels, advertise two routes to the remote subnet in the tunnels, only with different priorities. If one tunnel goes down, routing will switch to the other. IPsec, by the way, would be better built on a loopback address of the remote network, so that this address is available regardless of which tunnel the remote site is reachable through.
Only it is not certain that pfSense can do BGP. You may have to install a clean FreeBSD.
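
The design in athacker's answer, modeled as an added example (not part of the thread and not any participant's code): two sessions advertise the same remote prefixes, the preferred one wins, and losing a tunnel withdraws its routes. BGP local preference is assumed as the "priority"; all addresses and session names are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str     # far end of the tunnel the route arrived through
    session: str      # BGP session that advertised it
    local_pref: int   # assumed stand-in for the answer's "priority"; higher wins

class Rib:
    def __init__(self):
        self.routes = []

    def session_up(self, name, routes):
        self.session_down(name)          # drop anything stale from this session
        self.routes.extend(routes)

    def session_down(self, name):
        # Tunnel loss ends the session; every route learned on it is withdrawn.
        self.routes = [r for r in self.routes if r.session != name]

    def next_hop(self, dst):
        addr = ipaddress.ip_address(dst)
        cands = [r for r in self.routes if addr in r.prefix]
        # Longest prefix wins, then the higher preference among equal prefixes.
        best = max(cands, key=lambda r: (r.prefix.prefixlen, r.local_pref), default=None)
        return best.next_hop if best else None

# Constructed addressing: remote LAN, remote loopback, one tunnel peer per provider.
LAN = ipaddress.ip_network("192.168.20.0/24")
LOOPBACK = ipaddress.ip_network("10.255.0.2/32")
ADVERTS = {
    "tun1": [Route(LAN, "169.254.1.2", "tun1", 200), Route(LOOPBACK, "169.254.1.2", "tun1", 200)],
    "tun2": [Route(LAN, "169.254.2.2", "tun2", 100), Route(LOOPBACK, "169.254.2.2", "tun2", 100)],
}

def failover_sequence():
    """Replay provider outages and record where LAN and loopback traffic goes."""
    rib, log = Rib(), []
    events = [("up", "tun1"), ("up", "tun2"), ("down", "tun1"),
              ("up", "tun1"), ("down", "tun2"), ("down", "tun1")]
    for action, name in events:
        if action == "up":
            rib.session_up(name, ADVERTS[name])
        else:
            rib.session_down(name)
        log.append((action, name, rib.next_hop("192.168.20.10"), rib.next_hop("10.255.0.2")))
    return log
```

The loopback /32 follows the same path as the LAN prefix, so it stays reachable as long as either tunnel carries a session.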
