Re: [pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

[Seth Mos]

I had one of those moments yesterday that I can only terminate on the OPT 
interface, but not the WAN. I will check too.

Regards,

Seth

Op 20 mei 2011, om 01:39 heeft Adam Thompson het volgende geschreven:

> I'm wondering if I'm seeing something closely-related: I also have a VIP 
> (CARP) setup where IPSec will not work properly.  I never thought to examine 
> the actual IPs that closely, though... I'll see off I can replicate the 
> problem tomorrow.
> -Adam
> 
> 
> Joshua Schmidlkofer  wrote:
> 
>> Dear Support,
>> 
>> I have multiple WANs at one site, and it I have a few different
>> places which I am connecting tunnels to.  It appears that creating new
>> connections to the end points is a little unpredictable.
>> 
>> I can't seem to control which interface the initial contact packets
>> comes from.  I don't know how to explain this, but let's say I have
>> two WAN connections.  I have named them CABLE and LEASED.
>> 
>> Several tunnels work fine, but these last two have been completely
>> out of control.  No matter what, in one case I am going down the wrong
>> line.  According to IPsec policy this tunnel is configured for
>> Interface "CABLE", and everything else set properly.   Site-A has two
>> lines.  Site-B has only one.   Site-B can instatiate successful VPN
>> connection, Site-A cannot.  Site-A persistently, in this one tunnels
>> case, is using the wrong line.
>> 
>> I cannot determine a good method for forcibly routing the traffic,
>> and racoon doesn't seem to honor the source-interface configuration.
>> Racoon is binding to the correct IP addresses.
>> 
>> On the same topic, I was unable to successfully convince racoon to
>> bind to a virtual IP as well.  I have been forced to use the Interface
>> IPs.
>> 
>> Advice, help, ideas?
>> 
>> Sincerely,
>> Joshua
>> 
>> -
>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
>> For additional commands, e-mail: support-h...@pfsense.com
>> 
>> Commercial support available - https://portal.pfsense.org
>> 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

[Adam Thompson]

I'm wondering if I'm seeing something closely-related: I also have a VIP (CARP) 
setup where IPSec will not work properly.  I never thought to examine the 
actual IPs that closely, though... I'll see off I can replicate the problem 
tomorrow.
-Adam


Joshua Schmidlkofer  wrote:

>Dear Support,
>
> I have multiple WANs at one site, and it I have a few different
>places which I am connecting tunnels to.  It appears that creating new
>connections to the end points is a little unpredictable.
>
> I can't seem to control which interface the initial contact packets
>comes from.  I don't know how to explain this, but let's say I have
>two WAN connections.  I have named them CABLE and LEASED.
>
> Several tunnels work fine, but these last two have been completely
>out of control.  No matter what, in one case I am going down the wrong
>line.  According to IPsec policy this tunnel is configured for
>Interface "CABLE", and everything else set properly.   Site-A has two
>lines.  Site-B has only one.   Site-B can instatiate successful VPN
>connection, Site-A cannot.  Site-A persistently, in this one tunnels
>case, is using the wrong line.
>
> I cannot determine a good method for forcibly routing the traffic,
>and racoon doesn't seem to honor the source-interface configuration.
>Racoon is binding to the correct IP addresses.
>
> On the same topic, I was unable to successfully convince racoon to
>bind to a virtual IP as well.  I have been forced to use the Interface
>IPs.
>
> Advice, help, ideas?
>
>Sincerely,
> Joshua
>
>-
>To unsubscribe, e-mail: support-unsubscr...@pfsense.com
>For additional commands, e-mail: support-h...@pfsense.com
>
>Commercial support available - https://portal.pfsense.org
>

[pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

[Joshua Schmidlkofer]

Dear Support,

 I have multiple WANs at one site, and it I have a few different
places which I am connecting tunnels to.  It appears that creating new
connections to the end points is a little unpredictable.

 I can't seem to control which interface the initial contact packets
comes from.  I don't know how to explain this, but let's say I have
two WAN connections.  I have named them CABLE and LEASED.

 Several tunnels work fine, but these last two have been completely
out of control.  No matter what, in one case I am going down the wrong
line.  According to IPsec policy this tunnel is configured for
Interface "CABLE", and everything else set properly.   Site-A has two
lines.  Site-B has only one.   Site-B can instatiate successful VPN
connection, Site-A cannot.  Site-A persistently, in this one tunnels
case, is using the wrong line.

 I cannot determine a good method for forcibly routing the traffic,
and racoon doesn't seem to honor the source-interface configuration.
Racoon is binding to the correct IP addresses.

 On the same topic, I was unable to successfully convince racoon to
bind to a virtual IP as well.  I have been forced to use the Interface
IPs.

 Advice, help, ideas?

Sincerely,
 Joshua

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Pfsense, OpenVPN and multicast

[Evgeny Yurchenko]

On 11-05-18 04:53 PM, Kurt Buff wrote:

On Wed, May 18, 2011 at 13:37, Evgeny Yurchenko  wrote:

On 11-05-17 01:38 PM, Kurt Buff wrote:


On Tue, May 17, 2011 at 10:18,wrote:


All,

We have a subnet with a public IP address fronted by a pfsense
(1.2.3R) box with routing and OpenVPN enabled and configured. We're
testing this with a product that uses multicast - the server is in the
network protected by the pfsense box, and there will be one or more
clients connecting to it from the field.. While most network
functionality is present, the multicast traffic is not being seen on
the client.

Does pfsense/OpenVPN support multicast in this kind of arrangement?

We've added in the IGMPProxy package, which so far doesn't seem to be
doing anything for us, though we may not have configured that
correctly.

Thanks,

Kurt


I do not think igmpproxy will be in any use here.
Try routing multicast IPs/subnet over the tunnel explicitly.
Evgeny.


I'm a complete newb at multicast stuff - never used it before. Since
this traffic will be completely contained over the OpenVPN link,
should I be using (per this link:
http://www.tcpipguide.com/free/t_IPMulticastAddressing.htm) addresses
from the administratively (or locally) scoped range?

Also, what might a route statement look like for multicast - different
than normal unicast routing, or pretty much the same?

Thanks,

Kurt


Don't try to route all multicast addresses (like 224.0.0.0/4) find out what
IP address(es) your application is using and try to route only this
one(these ones). Do not forget to allow it in Rules.
Route statement will look exactly like for 'normal' unicast.
Remember: I never tried that, just do not see why it will not work -))) I
guess it is worth to try.
Evgeny.



After a buncha research, I found that this is a known issue, with a
hackish workaround. You have to enable tap, vs. tun, and the
directions are here: http://doc.pfsense.org/index.php/OpenVPN_Bridging
- I found it in pfSense, The Definitive Guide.

I haven't tried it yet, so we'll see how it goes.

If that doesn't work, I will probably try the tun/routing approach again.


please keep us posted. I am very curious to see how it goes.
thanks.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Remote Admin of pfSense via ssh

[Frank Heydlauf]

Hi Mehma,

On Thu, May 19, 2011 at 09:52:01AM -0700, Mehma Sarja wrote:
...
> Unfortunately the area is not wired for the Internet. The only thing  
> they get for 100 - 200 USD per month is sporadic wimax.

so you need an *offline* remote management.
What about using a second pfsense-box at your site, maintain
the rules there and export them using scp?
(use tmp files as target and move them in place using a script
to have a semi-atomar operation).

-- 
Regards Frank

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Remote Admin of pfSense via ssh

[Mehma Sarja]

On 5/19/11 4:06 AM, Per von Zweigbergk wrote:

On 2011-05-19 12:41, Mehma Sarja wrote:

Never had the need nor opportunity to admin a box remotely - so this
question may be as trivial as ssh in and maintain pf.conf and
config.xml. Any experiences?
Trying to maintain config.xml over SSH is not very fun, although it is 
possible. I vaguely remember there being some command that will spawn 
an editor on config.xml, and then save it persistently, reloading the 
configuration when the editor exited. I might have dreamed that, though.


Unfortunately the area is not wired for the Internet. The only thing 
they get for 100 - 200 USD per month is sporadic wimax. I am hoping the 
situation is far better than that when I get there. I am looking at dial 
in to a kvm switch - a direct phone line.


Mehma

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Recommendation for 10Gb NIC on pfSense

[Michael Bubb]

I have seen reference to Myricom NICs.
We are about to try an:
MYM-10G-PCIE2-8B2-2S+E.




On Thu, May 19, 2011 at 05:18, Frank Richter  wrote:
> Dear all,
>
> I need to build a firewall with 10Gbit NIC's for WAN and LAN.
> I experienced  strange behavior with Intel 10Gb Server adapter on pfsense
> 2.0-RC1 (both i386/amd64) Snapshot from 5.5.2011.
>
> I have VLAN's configured on the LAN side and the system crashes with "Fatal
> Trap 12" during boot or when the NIC gets a link.
> I tested it on 3 different servers and 2 NIC's, all show exactly the same
> misbehavior.
>
> pciconf -l | grep ix
> ix0@pci0:19:0:0:    class=0x02 card=0x7a118086 chip=0x10fb8086 rev=0x01
> hdr=0x00
> ix1@pci0:19:0:1:    class=0x02 card=0x7a118086 chip=0x10fb8086 rev=0x01
> hdr=0x00
>
> Do you have any recommendations on a 10Gb NIC (Fibre, Dual preffered) that
> can do VLAN and working stable on pfSense 2.0-RC1?
>
>
> Thank you very much,
>    Frank Richter
>
>
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>



-- 
Michael Bubb   +1.646.783.8769
https://www.google.com/profiles/michael.bubb

     "At the Tower of Babel, they knew what they were after ... knew
what they were after..."

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Remote Admin of pfSense via ssh

[Per von Zweigbergk]

On 2011-05-19 12:41, Mehma Sarja wrote:

Never had the need nor opportunity to admin a box remotely - so this
question may be as trivial as ssh in and maintain pf.conf and
config.xml. Any experiences?
Trying to maintain config.xml over SSH is not very fun, although it is 
possible. I vaguely remember there being some command that will spawn an 
editor on config.xml, and then save it persistently, reloading the 
configuration when the editor exited. I might have dreamed that, though.


Assuming you don't have a VPN, what you want to do instead, is to tunnel 
HTTP or HTTPS over SSH. From a Linux machine you'd do something like:


ssh -L 10080:localhost:80 pfsense-box.example.net

After you're authenticated, pointing your web browser at 
http://localhost:10080 will let you remotely manage the pfsense box. On 
a windows box you can substitute PuTTY for the ssh client, it'll let you 
do the same thing through a pointy-clicky GUI.


Exposing ssh publically can be fine as long you take basic precautions - 
have a strong password setup for all your users that can ssh into the 
machine for one, and I would recommend using a non-standard port for SSH 
and, if practical, setting up the firewall to filter out which IP 
addresses are permitted to connect to the machine. Requiring SSH keys 
for access would also be a good idea, depending on your balance between 
security and usability.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Remote Admin of pfSense via ssh

[Carlos Vicente]

Mehma,

I'm not sure of what is your issue here, but one thing is for sure: if you
want to admin a box remotely, it would be higly advisable to do that through
a VPN. Leaving the SSH port open on the WAN interface is not a good security
policy, even if you change the port 22 to another one.

Hope this helps.

On Thu, May 19, 2011 at 11:41 AM, Mehma Sarja  wrote:

> Never had the need nor opportunity to admin a box remotely - so this
> question may be as trivial as ssh in and maintain pf.conf and
> config.xml. Any experiences?
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] Recommendation for 10Gb NIC on pfSense

[A Mohan Rao]

anybody explain what is server side settings for open vpn on pfsense 2.0



On Thu, May 19, 2011 at 2:48 PM, Frank Richter wrote:

> Dear all,
>
> I need to build a firewall with 10Gbit NIC's for WAN and LAN.
> I experienced  strange behavior with Intel 10Gb Server adapter on pfsense
> 2.0-RC1 (both i386/amd64) Snapshot from 5.5.2011.
>
> I have VLAN's configured on the LAN side and the system crashes with "Fatal
> Trap 12" during boot or when the NIC gets a link.
> I tested it on 3 different servers and 2 NIC's, all show exactly the same
> misbehavior.
>
> pciconf -l | grep ix
> ix0@pci0:19:0:0:class=0x02 card=0x7a118086 chip=0x10fb8086
> rev=0x01 hdr=0x00
> ix1@pci0:19:0:1:class=0x02 card=0x7a118086 chip=0x10fb8086
> rev=0x01 hdr=0x00
>
> Do you have any recommendations on a 10Gb NIC (Fibre, Dual preffered) that
> can do VLAN and working stable on pfSense 2.0-RC1?
>
>
> Thank you very much,
>Frank Richter
>
>
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

[pfSense Support] Remote Admin of pfSense via ssh

[Mehma Sarja]

Never had the need nor opportunity to admin a box remotely - so this
question may be as trivial as ssh in and maintain pf.conf and
config.xml. Any experiences?

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

[pfSense Support] Recommendation for 10Gb NIC on pfSense

[Frank Richter]

Dear all,

I need to build a firewall with 10Gbit NIC's for WAN and LAN.
I experienced  strange behavior with Intel 10Gb Server adapter on 
pfsense 2.0-RC1 (both i386/amd64) Snapshot from 5.5.2011.


I have VLAN's configured on the LAN side and the system crashes with 
"Fatal Trap 12" during boot or when the NIC gets a link.
I tested it on 3 different servers and 2 NIC's, all show exactly the 
same misbehavior.


pciconf -l | grep ix
ix0@pci0:19:0:0:class=0x02 card=0x7a118086 chip=0x10fb8086 
rev=0x01 hdr=0x00
ix1@pci0:19:0:1:class=0x02 card=0x7a118086 chip=0x10fb8086 
rev=0x01 hdr=0x00


Do you have any recommendations on a 10Gb NIC (Fibre, Dual preffered) 
that can do VLAN and working stable on pfSense 2.0-RC1?



Thank you very much,
Frank Richter



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

[A Mohan Rao]

can provide video open vpn pfsense


Thanks

Mohan

On Thu, May 19, 2011 at 2:06 PM, J. Echter  wrote:

>  Am 19.05.2011 10:36, schrieb A Mohan Rao:
>
> right now i m using Endian firewall vpn server its working fine but its
> firewall and content filtering was not satisfactory working that's why i
> move to pfsense and i highly impress with pfsense 2.0 and 1.2.3, but its
> open vpn how works i m not able to find out any body can provide step step
> configuration and how to generate certificate is there any option or develop
> anybody like endian vpn vpn including vpn client software.
>
>
>
> Thanks
>
> Mohan
>
> On Thu, May 19, 2011 at 1:27 PM, Dominic  wrote:
>
>> Hi,
>>
>> I'd like to query if there is a way to have multiple server addresses
>> in an OpenVPN setup?
>>
>> I would like to add redundancy in the event of my provider going down,
>> I can then connect
>> to one of the other provider's IP's (I have 3 WAN interfaces on the
>> OpenVPN server machine).
>>
>> Is this possible or would I need to use a DNS address with multiple
>> records or DYNDNS type
>> solution.
>>
>> Any advice would be welcomed.
>>
>> Thank you,
>>
>> Dominic.
>>
>> -
>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
>> For additional commands, e-mail: support-h...@pfsense.com
>>
>> Commercial support available - https://portal.pfsense.org
>>
>>
>  something like this?
>
> http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
>

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

[J. Echter]

Am 19.05.2011 10:36, schrieb A Mohan Rao:
right now i m using Endian firewall vpn server its working fine but 
its firewall and content filtering was not satisfactory working that's 
why i move to pfsense and i highly impress with pfsense 2.0 and 1.2.3, 
but its open vpn how works i m not able to find out any body can 
provide step step configuration and how to generate certificate is 
there any option or develop anybody like endian vpn vpn including vpn 
client software.




Thanks

Mohan

On Thu, May 19, 2011 at 1:27 PM, Dominic > wrote:


Hi,

I'd like to query if there is a way to have multiple server addresses
in an OpenVPN setup?

I would like to add redundancy in the event of my provider going down,
I can then connect
to one of the other provider's IP's (I have 3 WAN interfaces on the
OpenVPN server machine).

Is this possible or would I need to use a DNS address with multiple
records or DYNDNS type
solution.

Any advice would be welcomed.

Thank you,

Dominic.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com

For additional commands, e-mail: support-h...@pfsense.com


Commercial support available - https://portal.pfsense.org



something like this?

http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

[A Mohan Rao]

right now i m using Endian firewall vpn server its working fine but its
firewall and content filtering was not satisfactory working that's why i
move to pfsense and i highly impress with pfsense 2.0 and 1.2.3, but its
open vpn how works i m not able to find out any body can provide step step
configuration and how to generate certificate is there any option or develop
anybody like endian vpn vpn including vpn client software.



Thanks

Mohan

On Thu, May 19, 2011 at 1:27 PM, Dominic  wrote:

> Hi,
>
> I'd like to query if there is a way to have multiple server addresses
> in an OpenVPN setup?
>
> I would like to add redundancy in the event of my provider going down,
> I can then connect
> to one of the other provider's IP's (I have 3 WAN interfaces on the
> OpenVPN server machine).
>
> Is this possible or would I need to use a DNS address with multiple
> records or DYNDNS type
> solution.
>
> Any advice would be welcomed.
>
> Thank you,
>
> Dominic.
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

[Dominic]

Hi Hans,

Apologies, yes I do mean on the client side.

I will modify my configuration with this. The fail over is not a huge concern
at this stage but is definitely good to know.

Thank you very much!

On Thu, May 19, 2011 at 10:09 AM, Hans Maes  wrote:
> On 05/19/2011 09:57 AM, Dominic wrote:
>>
>> Hi,
>>
>> I'd like to query if there is a way to have multiple server addresses
>> in an OpenVPN setup?
>>
> I assume you mean an OpenVPN client connection ?
>
>> I would like to add redundancy in the event of my provider going down,
>> I can then connect
>> to one of the other provider's IP's (I have 3 WAN interfaces on the
>> OpenVPN server machine).
>>
>> Is this possible or would I need to use a DNS address with multiple
>> records or DYNDNS type
>> solution.
>>
>
> Yes it is possible, OpenVPN handles this through specifying multiple
> "remote" servers.
> Since the pfsense OpenVPN Client setup page has only one "Server address"
> field which is translated to a "remote" line in the configuration, you can
> just add the others you need in the "custom options" field and they will all
> end up in the config file.
> OpenVPN will try them in sequence, so the first one is always tried first,
> if that fails it tries the second one, if that fails the third, ...
>
>
> The only issue I found with this is that if the first openvpn server comes
> back online but the second is also still available, OpenVPN will only go
> back to the first openvpn server by manually clicking "save" on the openvpn
> client page.
> So if you have a fast preferred primary openvpn connection and a slower
> failover connection, if the failover kicks in you have to manually kick it
> back to the primary link when it is available again. (but I guess you could
> script that somehow if that is an issue)
>
> Regards,
>
> Hans
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

[Hans Maes]

On 05/19/2011 09:57 AM, Dominic wrote:

Hi,

I'd like to query if there is a way to have multiple server addresses
in an OpenVPN setup?


I assume you mean an OpenVPN client connection ?


I would like to add redundancy in the event of my provider going down,
I can then connect
to one of the other provider's IP's (I have 3 WAN interfaces on the
OpenVPN server machine).

Is this possible or would I need to use a DNS address with multiple
records or DYNDNS type
solution.



Yes it is possible, OpenVPN handles this through specifying multiple 
"remote" servers.
Since the pfsense OpenVPN Client setup page has only one "Server 
address" field which is translated to a "remote" line in the 
configuration, you can just add the others you need in the "custom 
options" field and they will all end up in the config file.
OpenVPN will try them in sequence, so the first one is always tried 
first, if that fails it tries the second one, if that fails the third, ...



The only issue I found with this is that if the first openvpn server 
comes back online but the second is also still available, OpenVPN will 
only go back to the first openvpn server by manually clicking "save" on 
the openvpn client page.
So if you have a fast preferred primary openvpn connection and a slower 
failover connection, if the failover kicks in you have to manually kick 
it back to the primary link when it is available again. (but I guess you 
could script that somehow if that is an issue)


Regards,

Hans

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

[pfSense Support] OpenVPN - Server IP / Redundancy

[Dominic]

Hi,

I'd like to query if there is a way to have multiple server addresses
in an OpenVPN setup?

I would like to add redundancy in the event of my provider going down,
I can then connect
to one of the other provider's IP's (I have 3 WAN interfaces on the
OpenVPN server machine).

Is this possible or would I need to use a DNS address with multiple
records or DYNDNS type
solution.

Any advice would be welcomed.

Thank you,

Dominic.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org