[ previous ] [ next ] [ threads ]
 From:  Gil Freund <gilf at sysnet dot co dot il>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Failover to VPN
 Date:  Sun, 09 Apr 2006 22:53:52 +0300
Chris Buechler wrote:
> On 4/8/06, Gil Freund <gilf at sysnet dot co dot il> wrote:
>> We are having problems with our leased line, and were wondering if we can setup
>> a redundent VPN tunnel tunnel over the adsl lines.
> Yes.  you'll have to manually adjust your routing appropriately to
> direct the traffic over the tunnel.   (unless you can setup the router
> for the leased line to automatically route to the appropriate
> destination based on the status of leased line.  that's beyond the
> scope of this list though)

Thanks for the reply, but I am not sure I understand. The leased line and the
adsl line are on separate routers, so the fail over has to occur on the M0N0.

Should I setup two tunnels?
>> (This is assumeing the netscreen can do it.... If not a two m0n0wall config will
>> be just fine by me)
> Netscreen should be usable as an IPsec endpoint, but it might be
> easier and quicker to get it running with two m0n0walls.

Probably what I will do once the NS service contract runs out.

> This is old documentation, and I know there are some inaccuracies, but
> it should get you up and running.  One main thing I'd suggest is to
> use main mode rather than aggressive as it suggests.
> http://doc.m0n0.ch/handbook/ipsec-tunnels.html

This is for one tunnel (which works fine, both with a Netscreen and PfSense). I
am having some difficulty understanding how to set two tunnels between the same
nets, using different routes.

> -Chris