Routing and Multi WAN

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

J

Having trouble accessing 2nd lan
• jeremynzl

1

0
Votes

1
Posts

29
Views

No one has replied
L

Route traffic from WAN over IPSEC to different network.
• l0rdrav3n

1

0
Votes

1
Posts

17
Views

No one has replied
M

Open SNMP service used for an atack
• moisesdfelix

5

0
Votes

5
Posts

53
Views

M

@jimp I created this rule on the WAN (attachment) but I do not know if it is enough. Port 161 was released in the output table and deletes it.
C

Policy Based Routing being ignored?
• cparkervt

6

0
Votes

6
Posts

87
Views

C

I'm aware of sharing MACs being the expected behavior, and they were separate subnets. However the reason for all of this is because the WAN comes in via one fiber pair and eventually we wanted to do HA and have a segment of the switch be the WAN. I had the two interfaces separated in pfSense into two PVID ports on the internal switch, and they were plugged into the same PVID marked ports on the main switch in the rack, and I saw that MAC bouncing between two of the ports in that VLAN on the main switch. If that's tough to follow I can sketch out how it was configured since it's good now, but we're using a really convoluted solution for now.
S

2 WAN - 2 LAN settings
• smir

2

0
Votes

2
Posts

32
Views

S

Thanks, i found solutions
K

Gateway down for 1 min, up again
• kbackas

1

0
Votes

1
Posts

19
Views

No one has replied
F

Interligar duas WAN
• fabianoheringer

1

0
Votes

1
Posts

18
Views

No one has replied
S

Failback from Primary WAN after failover to Secondary WAN
• samtoopid

2

1
Votes

2
Posts

47
Views

L

Thank you. I just got my failover WAN working. As it is also a metered connection I had noticed a lot of data use after failback and I was just looking into this. Was easy enough to deploy on my system. Just had to change the interface names to match mine. I triggered it manually to test and it seems to work fine. Will continue monitoring it. I was surprised that this was not already supported. thanks david
X

Multi-wan failover only triggering in certain situations.
• Ximerian

1

0
Votes

1
Posts

35
Views

No one has replied
R

Failover recovery isn't always working right for me
• Rezo

8

0
Votes

8
Posts

161
Views

S

Plugging/unplugging must trigger something that causes it to reset the connections on WAN2. What I found after extensive testing is that once a failover occurs and connections are established on WAN2, it will not break those connections and put them back on WAN1 unless forced to do so. I documented my method for getting fail-back to work, maybe not ideal but the only way I could get it working reliably. https://forum.netgate.com/topic/135614/failback-from-primary-wan-after-failover-to-secondary-wan
L

Getting Sprint 341u modem working
• lovingHDTV

3

0
Votes

3
Posts

69
Views

L

The cradlepoint works fine. Set it to IP passthrough, plugged it into an ethernet port, changed one routing rule to route my work computer to the wan_group instead for default gateway. I do no switch the default gateway on fail over. It fails over and back seamlessly for my pc. It screws up Ooma for some reason, but that is OK. So if anyone wants an LTE backup the cradlepoint makes it easy and they are quite cheap on ebay. thanks david
J

Force LAN Traffic Through OpenVPN Tunnel
• jlittle988

2

0
Votes

2
Posts

71
Views

A

@jlittle988 Hi, I have done this configuration, following this tutorial.. https://www.netgate.com/docs/pfsense/vpn/openvpn/routing-internet-traffic-through-a-site-to-site-openvpn-connection-in-pfsense-2-1.html what makes the magic is put this in Advanced Configuration -> Advanced -> redirect-gateway def1;
C

(Solved) bgpg connection from non-peer 192.168.0.4 refused
• cradulescu

2

0
Votes

2
Posts

56
Views

C

@cradulescu I have figureout how to solve this issue. There is a bug on openBGPD. Event I do setup the neighbors the conf dose not update so I have to update it manually ( I know is not recommended) . # This file was created by the package manager. Do not edit! AS 64500 fib-update yes listen on 0.0.0.0 router-id 192.168.0.1 network 192.168.0.1/24 neighbor 192.168.0.4 { remote-as 64501 descr "Kubernetes-Node01" } neighbor 192.168.0.8 { remote-as 64501 descr "Kubernetes-Node02" } #deny from any #deny to any Resault Kubernetes {"caller":"main.go:229","event":"serviceAnnounced","ip":"192.168.12.2","msg":"service has IP, announcing","pool":"default","protocol":"bgp","service":"default/elasticsearch","ts":"2018-09-16T14:37:20.876366531Z"} Resault pfsense: Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd Kubernetes-Node02 64501 337 327 0 02:42:09 1 Kubernetes-Node01 64501 337 327 0 02:42:09 1 OpenBGPD Neighbors BGP neighbor is 192.168.0.8, remote AS 64501 Description: Kubernetes-Node02 BGP version 4, remote router-id 192.168.0.8 BGP state = Established, up for 02:42:09 Last read 00:00:09, holdtime 90s, keepalive interval 30s Neighbor capabilities: Multiprotocol extensions: IPv4 unicast, IPv6 unicast 4-byte AS numbers Message statistics: Sent Received Opens 1 1 Notifications 0 0 Updates 1 11 Keepalives 325 325 Route Refresh 0 0 Total 327 337 Update statistics: Sent Received Updates 4 6 Withdraws 0 5 End-of-Rib 0 0 Local host: 192.168.0.1, Local port: 179 Remote host: 192.168.0.8, Remote port: 52807 BGP neighbor is 192.168.0.4, remote AS 64501 Description: Kubernetes-Node01 BGP version 4, remote router-id 192.168.0.4 BGP state = Established, up for 02:42:09 Last read 00:00:09, holdtime 90s, keepalive interval 30s Neighbor capabilities: Multiprotocol extensions: IPv4 unicast, IPv6 unicast 4-byte AS numbers Message statistics: Sent Received Opens 1 1 Notifications 0 0 Updates 1 11 Keepalives 325 325 Route Refresh 0 0 Total 327 337 Update statistics: Sent Received Updates 4 6 Withdraws 0 5 End-of-Rib 0 0 Local host: 192.168.0.1, Local port: 179 Remote host: 192.168.0.4, Remote port: 46850
H

Policy routing ignored with many gateways on WAN interface
• HanXHX

2

0
Votes

2
Posts

49
Views

Right. That is not how you do Multi-WAN. You would, instead, create a separate pfSense interface and put a gateway on each. P.S. pfSense 2.3 is all but dead.
N

DHCP on OPT If working but no Access to WAN
• noplan

2

0
Votes

2
Posts

67
Views

Manual outbound NAT? Did you add the rules for the 172.20.20.0/24 source network?
J

Traffic across OpenVPN tunnel
• jonathan.v

2

0
Votes

2
Posts

61
Views

Do you have policy routing (gateways set on rules) enabled on your local network? https://www.netgate.com/docs/pfsense/routing/bypassing-policy-routing.html
G

VPN Star topology
• Glacier

10

0
Votes

10
Posts

149
Views

G

Thanks for your input. I think i might have encountered some kind of software bug. After i delete all phase 2 settings, redid them and rebooted the pfsense box it started working.
K

Static Routes without Gateways
• kris.ke4ahr

4

0
Votes

4
Posts

81
Views

V

OpenVPN routing should be configured in the OpenVPN settings. Use the "Remote Network/s" box to enter the networks you want to route over the respective VPN. If you want to route traffic over a OpenVPN client, assign an interface to the client instance. Interfaces > Assignments. At "Available network ports" select the client instance (e.g. ovpnc1), hit Add, open the settings of the new interface, check Enable and set a proper name. No further configuration to make here! If you have done that pfSense also add a virtual gateway to the vpn connection which can be used in firewall rules for policy routing or also for gateway monitoring. But do not add static route to a vpn gateway! That's not recommended. As mentioned above, that is to be done in the OpenVPN settings.
F

Multi Wan setup and Notifications not working on failover
• fastfish

3

0
Votes

3
Posts

128
Views

F

Oh, and this option is only available in the dev 2.4.4...
J

Route traffic from Client VPN Network to Network on other side of Site-to-Site IPSec VPN?
• JimPhreak

20

0
Votes

20
Posts

242
Views

J

Grrrrrrrrrrrrr. Found the problem and it was of course my fault. I had a client specific override for my user account (which I knew about but never checked). In there, the 192.168.2.0/24 network was set as a "Remote Network" instead of a "Local Network." Deleted it form remote networks, added it to local networks and now all is working. I didn't realize there was an option for "Remote Networks" as that's not an option for the actual OpenVPN server itself.
R

Slow Inter-VLAN Routing
• RuudPaulissen

11

0
Votes

11
Posts

1498
Views

E

Hi Ruud And did you solved your issue? I have same issue. Routing between subnets is very slow (199kbit measured with iperf3). NAT between WAN and LAN (all VLANs) is working very well.
T

static route to a network, but only part of it is connectable
• tonyalbers

8

0
Votes

8
Posts

182
Views

T

Hi guys, Thanks for your help, I guess it's because of a NAT thing, there is an extra layer between me and the host I cannot connect to. I'm off to go move some cables around :) Thx again /tony
S

Need some help with PFsense and Edgerouter X routing
• sk8nerd81

1

0
Votes

1
Posts

38
Views

No one has replied
J

routing LAN servers via specific IP on /29 allocated WAN
• jimmychoosshoes

5

0
Votes

5
Posts

82
Views

J

@viragomann Good to know. I will need to enable "skip rules" and put a "block" rule after. I do not want email services egressing anywhere except WAN_1_IP2
F

Multiple WAN IP setup for servers
• FoolishlyWise

8

0
Votes

8
Posts

177
Views

F

All working. I forgot to enable NAT Reflection (and I only had the bright idea of trying to go to https://virtualIP using my phone off WiFi. Thanks for your help guys!
B

Cross-post from pfBlockerNG forum about policy based routing that stopped working
• bartkowski

1

0
Votes

1
Posts

46
Views

No one has replied
R

Gateway With Two OpenVPN Clients Not Working
• Rawr44

2

0
Votes

2
Posts

77
Views

R

Anyone?
S

VLAN IP to LAN IP - Not pinging
• slkamath

23

0
Votes

23
Posts

367
Views

S

@johnpoz Dear John, Thank you. My issue solved. I got confused and made everyone confuse. WAN- 203 Series LAN - 192 Series (192.192. series will change in few days to 192.168.) Currently Windows DC is running in that 192.192 series. So will change in few days. Please find the below link. https://forum.netgate.com/topic/134674/how-to-configure-3-ip-s-internet-restriction/20 Big Thanks to you John. No words to express my gratitude. Lokesh Kamath
A

Using Route-map to redistribute static route to OSPF
• albert.robert

1

0
Votes

1
Posts

44
Views

No one has replied
I

Policy base routing not working traffic is not forwarded to specified gateway and always go to the default gw
• iamhomer

36

0
Votes

36
Posts

645
Views

H

Only 23days to find a problem.... I wish my bosses were as nice
Cant reach WAN gateway from OpenVPN clients.
• jvelez88

1

0
Votes

1
Posts

52
Views

No one has replied
T

FRR - OSPF / Default gateway
• thesurf

4

0
Votes

4
Posts

100
Views

P

If the whole config is only one branch location, i would avoid ospf. Just setup a gateway group with failover to wlan on each site. If you are using openvpn site to site tunnel you can define both public ips for the tunnel target and the gateway group as main interface. The failover would be faster as with ospf and the routing problem, which is a problem with the carp configuration. Much better : if your provider router can take the wlan failover, with the bgp routing, you even don´t see the failover. My provider does it that way and this works perfectly.
G

Latency Issue
• gordc

3

0
Votes

3
Posts

119
Views

T

I'm afraid I won't be of too much use here, but it did occur to me to ask whether you really mean 50MB (as in 50 megabytes per second, or 400 megabits per second)? I'm assuming that's the case, because 50 megabits per second certainly shouldn't be stressing anything. Additionally, is the connection symmetric (50 upstream too)? Also I don't know whether this is really an option, but if possible I might suggest backing up your configuration and performing a fresh installation. Then you can see whether the problem exists even when you're starting from zero with no packages installed.
R

How do I limit bandwidth per computer for just Wan2?
• Rezo

1

0
Votes

1
Posts

66
Views

No one has replied
C

Connecting multiple branch offices back to HQ using cable and DSL
• coreybrett

7

0
Votes

7
Posts

122
Views

IPsec is ... faster.
M

Multi wan and right interface to use
• mmangiante

3

0
Votes

3
Posts

123
Views

M

Hello, thanks to fill my great ignorance; with your help I resolved the issue. Now I have this in the rule for LAN interface: and on the outbound NAT I set the correct interface: But now please you can explain something about that? The first thing is how I can go out via the 88.45.191.140 path even if I am on the WAN interface; or better, when I do traceroute I see that correctly I go out through the "desired" path and not that it is of default. The second question if about the starting path, i.e.: with the configuration that I have done initially I've seen that the flow is: 192.168.0.3 (swi1) 192.168.0.31 (pfs1) network desired hop while now with the correct gateway setup on lan->net 7 rule I see only 192.168.7.7 (swi1 address hsrp for net 7) *network desired hop so it seems that the pfsense is not engaged. Thanks.
J

DUAL WAN - vlan problem
• jacquesh

10

0
Votes

10
Posts

158
Views

Using failover, you do have to call out the group in the firewall rule. So yes if you want to allow traffic to your local vlans and not go out the specific gateway this is how its done. Its gone over here https://www.netgate.com/docs/pfsense/routing/multi-wan.html And in the book with more detail - everyone now has access to the book... I would suggest you take a look ;) https://www.netgate.com/docs/pfsense/book/multiwan/index.html
A

On-demand load balancing
• axsense2

10

0
Votes

10
Posts

237
Views

A

According to my testing sticky connection is not working as you described. When opening several connections from one machine both wan gateways are being used. And there are persistent connections still active AND all connections are established within sticky connection timeout. If it is supposed to work client based it is not doing that in practice. And that causes issues when a single software opens multiple connections and those are routed through different wan gateways. One test I made was pretty clear: opening www.whatismyipaddress.com in two browsers -> different wans. A.
T

Different routing behaviour when IP assigned by DHCP or statically
• TrickyD

1

0
Votes

1
Posts

79
Views

No one has replied
T

No Internet on Wan 2 with Multiwan setup
• tejas

2

0
Votes

2
Posts

87
Views

M

Hello @tejas you NAT outbound rules?

1 / 153

Having trouble accessing 2nd lan • jeremynzl

Route traffic from WAN over IPSEC to different network. • l0rdrav3n

Open SNMP service used for an atack • moisesdfelix

Policy Based Routing being ignored? • cparkervt

2 WAN - 2 LAN settings • smir

Gateway down for 1 min, up again • kbackas

Interligar duas WAN • fabianoheringer

Failback from Primary WAN after failover to Secondary WAN • samtoopid

Multi-wan failover only triggering in certain situations. • Ximerian

Failover recovery isn't always working right for me • Rezo

Getting Sprint 341u modem working • lovingHDTV

Force LAN Traffic Through OpenVPN Tunnel • jlittle988

(Solved) bgpg connection from non-peer 192.168.0.4 refused • cradulescu

Policy routing ignored with many gateways on WAN interface • HanXHX

DHCP on OPT If working but no Access to WAN • noplan

Traffic across OpenVPN tunnel • jonathan.v

VPN Star topology • Glacier

Static Routes without Gateways • kris.ke4ahr

Multi Wan setup and Notifications not working on failover • fastfish

Route traffic from Client VPN Network to Network on other side of Site-to-Site IPSec VPN? • JimPhreak

Slow Inter-VLAN Routing • RuudPaulissen

static route to a network, but only part of it is connectable • tonyalbers

Need some help with PFsense and Edgerouter X routing • sk8nerd81

routing LAN servers via specific IP on /29 allocated WAN • jimmychoosshoes

Multiple WAN IP setup for servers • FoolishlyWise

Cross-post from pfBlockerNG forum about policy based routing that stopped working • bartkowski

Gateway With Two OpenVPN Clients Not Working • Rawr44

VLAN IP to LAN IP - Not pinging • slkamath

Using Route-map to redistribute static route to OSPF • albert.robert

Policy base routing not working traffic is not forwarded to specified gateway and always go to the default gw • iamhomer

Cant reach WAN gateway from OpenVPN clients. • jvelez88

FRR - OSPF / Default gateway • thesurf

Latency Issue • gordc

How do I limit bandwidth per computer for just Wan2? • Rezo

Connecting multiple branch offices back to HQ using cable and DSL • coreybrett

Multi wan and right interface to use • mmangiante

DUAL WAN - vlan problem • jacquesh

On-demand load balancing • axsense2

Different routing behaviour when IP assigned by DHCP or statically • TrickyD

No Internet on Wan 2 with Multiwan setup • tejas

Having trouble accessing 2nd lan
• jeremynzl

Route traffic from WAN over IPSEC to different network.
• l0rdrav3n

Open SNMP service used for an atack
• moisesdfelix

Policy Based Routing being ignored?
• cparkervt

2 WAN - 2 LAN settings
• smir

Gateway down for 1 min, up again
• kbackas

Interligar duas WAN
• fabianoheringer

Failback from Primary WAN after failover to Secondary WAN
• samtoopid

Multi-wan failover only triggering in certain situations.
• Ximerian

Failover recovery isn't always working right for me
• Rezo

Getting Sprint 341u modem working
• lovingHDTV

Force LAN Traffic Through OpenVPN Tunnel
• jlittle988

(Solved) bgpg connection from non-peer 192.168.0.4 refused
• cradulescu

Policy routing ignored with many gateways on WAN interface
• HanXHX

DHCP on OPT If working but no Access to WAN
• noplan

Traffic across OpenVPN tunnel
• jonathan.v

VPN Star topology
• Glacier

Static Routes without Gateways
• kris.ke4ahr

Multi Wan setup and Notifications not working on failover
• fastfish

Route traffic from Client VPN Network to Network on other side of Site-to-Site IPSec VPN?
• JimPhreak

Slow Inter-VLAN Routing
• RuudPaulissen

static route to a network, but only part of it is connectable
• tonyalbers

Need some help with PFsense and Edgerouter X routing
• sk8nerd81

routing LAN servers via specific IP on /29 allocated WAN
• jimmychoosshoes

Multiple WAN IP setup for servers
• FoolishlyWise

Cross-post from pfBlockerNG forum about policy based routing that stopped working
• bartkowski

Gateway With Two OpenVPN Clients Not Working
• Rawr44

VLAN IP to LAN IP - Not pinging
• slkamath

Using Route-map to redistribute static route to OSPF
• albert.robert

Policy base routing not working traffic is not forwarded to specified gateway and always go to the default gw
• iamhomer

Cant reach WAN gateway from OpenVPN clients.
• jvelez88

FRR - OSPF / Default gateway
• thesurf

Latency Issue
• gordc

How do I limit bandwidth per computer for just Wan2?
• Rezo

Connecting multiple branch offices back to HQ using cable and DSL
• coreybrett

Multi wan and right interface to use
• mmangiante

DUAL WAN - vlan problem
• jacquesh

On-demand load balancing
• axsense2

Different routing behaviour when IP assigned by DHCP or statically
• TrickyD

No Internet on Wan 2 with Multiwan setup
• tejas