On 03.12.2012 22:48, Tim Nelson wrote:
I'm looking at implementing a new CARP setup for a couple of sites, but have a
few questions before I dive in:

1. For two pfSense systems, is it confirmed that 3 IPs will be needed on each
subnet/interface? My understanding is one IP per host, plus the 'floating' IP
managed by CARP, for a total of 3. If this is the case, could a non-subnet
specific IP (aka private) be used in the case where public nets are in play and
address space is limited?

2. OpenVPN is utilized quite heavily, both in 'Road Warrior' mode, and
site-to-site. I understand the road warrior connections will simply fail on
CARP failover, then reconnect to the other system. However, on site-to-site
connections, how does the failover work? I assume both pfSense boxen cannot be
connected for the site-to-site VPN at the same time as that would cause routing
issues. Will OpenVPN be 'activated' upon CARP failover to a host?

Thanks for your input!

--Tim
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
1: You need 3 IPs in the same subnet.

2: For site-to-site I would honestly set up 2 separate tunnels (one on
each WAN) and create an internal load balancer/failover pool for the
other side via the two gateways of the OpenVPN tunnels.
Greetings
Matthias May