Results 1 to 6 of 6
  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default VPN Tunnel redundancy

    Is there a way to have VPN tunnel redundancy with NG FW using multiple ISPs? I don't care whether it's IPsec or OpenVPN. I think we'd prefer IPsec, but either way could work if we can just have a solution.

    Our client's internet keeps failing at inopportune times (Comcast). They have about 25 employees who can hardly conduct business without access to their VPN in a remote city.

    They've asked us for a multi-ISP solution that will allow the Internet & VPN to work in the event that either ISP is down.

    BTW, they do have an active Untangle subscription w/ full features. I know the WAN-Failover app will take care of the internet connectivity redundancy. So the VPN redundancy is the unknown to me at this point.

    Any takers? Your help is appreciated.

    Sincerely,
    -
    Doug

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,686

    Default

    It's not possible with IPsec since by definition each tunnel has to have unique end point pairs.

    OpenVPN tunnel has failover by design.
    http://forums.untangle.com/openvpn/3...tml#post188636
    Quote Originally Posted by dmorris View Post
    The client chooses which WAN to connect to - the server will answer via the same WAN the client connected on.
    The client chooses based on your configuration of Public Address. If the Public Address fails it will then try the IPs of the WANs manually as configured in the conf file.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    Does Untangle tech support stand behind the OpenVPN method you just posted? That would be great for me.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,686

    Default

    Quote Originally Posted by dkmortensen View Post
    Does Untangle tech support stand behind the OpenVPN method you just posted? That would be great for me.
    It is how it works by default on Untangle so I'm sure they do.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    Cool. But as for IPsec, I realize it wouldn't be the same tunnel, but is there a way you could have 2 tunnels (1 for each ISP) created on 1 UTM both with the same IPs routed and then just prioritize them somehow for failover?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,686

    Default

    No, since the endpoints (LAN address range) would be the same which is not allowed in IPsec.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2