Hey,
What can I expect of these 2 VPN’s in High availability?
I’m trying to mimic Cisco’s SSLvpn client behaviour where with a Failover the client stays connected but maybe loses a few pings.
So far all the test i did resulted in the OpenVPN client to disconnect and reconnect (within 20 seconds), which is far from seamless in comparison to my cisco 5516 firepower in HA.
Same for IPSec, it seems the tunnel needs to be reestablished on failover (which it does, but again, in Cisco world, the tunnel just stays up.
Is this at all doable with pfSense?
Should be seamless if you are using the CARP IP with a pfsense HA setup.
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/ha.html
pfSense HA CARP stops an openvpn client on the backup firewall and starts it whenever a CARP event happens.
With an OpenVPN HA CARP server the folowing is stated:
When XMLRPC Configuration Synchronization settings are enabled, OpenVPN instances will automatically synchronize from the primary node to the secondary. The connection state is not retained between hosts so clients must reconnect when failover occurs, but OpenVPN will detect the connection failure and reconnect automatically.