
Author Topic: "centerless" virtual network

Lurker23
"centerless" virtual network
« on: October 31, 2017, 01:19:40 pm »
This question spans across multiple sections of this forum, so moderators feel free to move it where you think it's more appropriate.

Let's say I have three pfSense boxes (FW1, FW2, FW3), each in a different location, thus each on its own WAN, each posing as an OpenVPN server.
For the sake of this example scenario, each OpenVPN server has two clients (C11, C12, C21, C22, C31, C32) connecting via WAN. In case any of the FWs goes down, its clients jump to another server.

I'd like to achieve that all clients appear on the same subnet, can reach any other and keep their IP, regardless of which server they are currently connected to. They do not need to reach the FWs themselves except for establishing the VPN connection; the whole "magic" could (and probably has to) be transparent for the clients. There are no LAN-VPN transitions: each client has its LAN or Internet GW as usual, but also access to this virtual network, existing only among these FWs.

I could imagine this would require several OpenVPN servers for an FW-FW "mesh", where one FW is the server and the other FWs are its clients. There also need to be OpenVPN connection scripts (be it server-side or client-side) for the clients. There also has to be a way of advertising which client is on which server so the others know. Then, how to assure that a client-client connection picks the right path (and that they appear to each other as if on the same LAN). Of course, when a client is reconnecting from one server to another, it renders him offline from this virtual network.

The question is not why, but how, by what means. Or is there simply no possible way of achieving this? If so, what is the closest doable scenario?
« Last Edit: October 31, 2017, 01:24:32 pm by Lurker23 »