We have a pfSense server in two offices. Our main office has a VPN server configured, and our satellite office has a VPN client configured, using the IP 123.156.88.253 (just an example).

We have just got a 2nd internet connection in our main office. We are about to set up link aggregation within pfSense. This will be on IP 88.175.198.87 (again, an example).

How can we alter the client VPN settings to be able to reach the VPN on either 123.156.88.253 or 88.175.198.87?

Is there a service we can buy like DDNS, except for IP addresses, rather than hostnames? I.e. we buy 189.66.78.145, which - in the background - routes to both IPs?

Or how can this be done within pfSense?

The goal is to have the satellite office be able to reach our client VPN, irrespective of whether one internet connection is down; without causing some sort of conflict that might be introduced by adding the same client VPN connection twice.

Danny Beckett
  • I am not sure I get this, you have two VPN services in the same building, one on wire and one on satellite. Now you ask how clients can... connect to either VPN server? Or are you trying to figure out how you can open two VPN connections at the same time, the wire and the satellite and still be able to do your day to day work? – Cristian Matthias Ambæk May 24 '18 at 17:53
  • @CristianMatthiasAmbæk Hi, no sorry... by "satellite office" I just mean "secondary office" - not an actual satellite connection. Our main office now has two internet connections. One on IP 123.x that the secondary office connects to. Now we also have an internet connection on IP 88.x. Internally in our main office we have everything on 192.168.1.x, so the network resources here are unaffected by the installation of the 2nd connection. However in the secondary office, it currently connects to 123.x. If that connection goes down, it needs to route to 88.x instead, to get the VPN link. – Danny Beckett May 24 '18 at 18:01
  • Aaa okay, now I think I get it, so 123.x is the primary route from Branch to HQ, and if that route goes down you want to instruct the Branch service (automatically) that it now needs to use 88.x to continue to get from Branch to HQ? – Cristian Matthias Ambæk May 24 '18 at 18:07
  • @CristianMatthiasAmbæk Exactly right! We are just worried that something will go awry by adding 2 VPN clients to 1 VPN server. – Danny Beckett May 24 '18 at 18:10
  • How are the HQ's physical connections? Is it for example two copper wires that come into the server room from the same hole in the wall? Or is one a wired connection over copper and the other a wireless backup connection from a 3G modem? Or do the physical connections come into your building / floor at each end of the building / floor? So it for example would be impossible to join them in the same server room. – Cristian Matthias Ambæk May 24 '18 at 18:23
  • @CristianMatthiasAmbæk Two fibre connections which are link aggregated in pfSense. – Danny Beckett May 24 '18 at 18:28
  • It looks like I might need to use round-robin DNS to have one hostname link to multiple IP addresses, and specify the hostname in the client VPN. – Danny Beckett May 24 '18 at 18:30
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/77953/discussion-between-cristian-matthias-ambaek-and-danny-beckett). – Cristian Matthias Ambæk May 24 '18 at 18:36
  • @CristianMatthiasAmbæk What was the outcome of that discussion? I know when editing the client VPN config manually you can just specify multiple `remote hostname portnumber` lines and that's all that is required. However, how do you make the pfSense client config generator make config files like that? – BeowulfNode42 Oct 08 '18 at 02:02
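
What the last comment describes, as an added example that is not part of the original thread: a single OpenVPN client configuration with two `remote` lines, so one client instance fails over between the two addresses instead of two clients being defined against the same server. The port, timer values and file paths are assumptions, and it presumes the server accepts connections on both WAN addresses.

```conf
# Added example: OpenVPN client config fragment for the secondary office.
# The addresses are the example IPs from the question; port 1194/udp,
# the timer values and the file paths are assumptions.
client
dev tun
nobind

# Remotes are tried in the order listed, so the existing address stays primary.
# Leaving out `remote-random` keeps that order deterministic.
remote 123.156.88.253 1194 udp
remote 88.175.198.87 1194 udp

# Give up on an unresponsive remote after 10 seconds and try the next one
# (OpenVPN 2.4 or later).
server-poll-timeout 10
# Wait 5 seconds between attempts, backing off to at most 30 seconds.
connect-retry 5 30

# Detect a tunnel that dies after it was established. When ping-restart
# fires, the client reconnects and works through the remote list.
ping 10
ping-restart 60

persist-key
persist-tun
# Only matters if a hostname replaces the IP addresses above.
resolv-retry infinite

# Both addresses must be answered by the same server identity: require a
# certificate issued for server use, so the fallback address is held to the
# same check as the primary.
remote-cert-tls server
# Placeholder paths for the branch office's credentials.
ca   /path/to/ca.crt
cert /path/to/branch.crt
key  /path/to/branch.key
```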

0 Answers