• 3 routers for a school network

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    D

    I know about the IP. Those IPs are atm but will be changed once I get the set up right.
    I'm using 1 router atm for the server but I can't even get that one to work ><

  • PfSense to replace Cisco Router / Firewall

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    M

    Yup,  I had that thought too Dotdash, but when I attack this similar problem in my setup, I'm going to try my darndest to get rid of any box I can.

    BairdMJ, pick your approach and choose your poison.  Degree of difficulty is up to you.  Me?  The harder stuff always plagues me for a second attempt after I wimp out the first time.

    –J

  • Basic pfsense / OSPF configuration

    Locked
    1
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • Routing issue for OpenVPN Clients

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    R

    I edited the ascii diagrams to make it more clear.

    There is no tunnel between Office 1 and 2 like in OpenVPN routing mode. Router 2 at Office 1 and the Router at Office 2 are making an IPSEC net to net connection.

    So the static routes should be ok like in the ascii diagram I think. But still a Roadwarrior traceroute to Office 2 ends always at 192.168.10.4.  ???

  • Publishing www etc services via multi wan

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ

    @mericksonj:

    I've always seen true multi-wan as advertising your single IP address space through your backup WAN provider to the internet.  This space should be public and as long as the two ISPs peer properly to allow it, this is by far ideal in every way.

    Round robin DNS is your secondary kludge to make use of two sets of IP addresses, but it works and is probably what I'll set up in my home datacenter when I get to it.

    For that to work you need to get your own set of IPs and do BGP routing on both ISP links. For many, that can be cost-prohibitive, but it is the ideal solution.

  • PfSense - 1 Internet gateway + 1 MPLS - Static routes?

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    M

    I see nothing wrong with it, it seems a very good solution, just remember to set the gateway on the IP configuration for your OPTx interface, and set rules, routes and such appropriately to allow (or dis-allow) access.

    The DNS issue however, may be because the DNS doesn't have a route back to your network to reply to the DNS queries.

    If that's the case, even your forwarder would have a problem.  You'll also have to be prepared with static routes or routing on the PFsense#1 to handle any DNS resolved destination IP you get in reply to your query…

  • Using PFSense on MPLS circuit to protect site to site

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    M

    Regarding your suggestion to use IPSEC for failover, and whose responsibility it is to provide internet access.

    The MPLS provider would/should be able to provide internet access for you if you'd like, you can also reject their internet service or ask them to use a separate VC/VLAN/DLCI on the CE<>PE connection that will be direct to internet.  You can most definitely use IPsec across their MPLS network, and it may even still be suggested if you don't want unencrypted raw traffic on their "trusted" network. (remember, from their core perspective, there is nothing confidential about MPLS, just a few protocol shim headers "popped" and your IP datagram and company secrets are exposed.)

    It will not be difficult to firewall your internet access (if provided by the MPLS provider) with the PFsense in this scenario. The best option is to put your own PFsense on the LAN side of each CE (customer edge) router they give you and treat them as an un-trusted network if you go this route.

    If you want a separate DSL or other ISP services at each site for failover VPN  and internet purposes, you can still do that with the PFsense using an OPTx interface and another set of IPSEC tunnels to be back-up.

    Your IPSEC tunnels can be run PF<>PF from site to site over the MPLS and if that goes down, the DSL would/should automatically take over.  Just run the cost/benefit analysis; an MPLS architecture, if they're doing it right, is redundant by itself.  As long as they have redundancy in the core it should re-route itself easily.  You're only protecting yourself from a "last mile" outage and hoping that your MPLS provider isn't on the same transport run/LEC as your DSL/ISP provider.

    Hope this helps!
    –James

  • Failover filter bridge

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • LAN side static routes and piss poor performance - TCP window size

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Multi WAN setup suggestions and approach

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    That should be possible. You can set the policy routing up however you like, and the port forwards/NAT as well.

    You might consider instead of making WAN1 only for LAN1, that it would use a load balancing pool that merely prefers WAN1 and would fail to WAN2 if it goes down. You can set that up both ways so that LAN2 will prefer WAN2 but use WAN1 if it goes down.

    You can follow the multi-wan setup guide on the Doc wiki to get an idea of how it is done: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

  • PPTP with OPT1?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschliG

    This is not possible with 1.2.3
    afaik 2.0 will have this ability.

    You should be able to configure the modem on your OPT to do the authentication for you and present a normal ethernet interface.

  • Youtube.com using OPT1 only

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    And for all streaming video sites? Too complicated with all IPs

  • Preference on a particular link on multi wan

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    GruensFroeschliG

    You don't understand.
    New connections will always go to the WAN which is topmost and up.
    If the primary wan goes down and comes back up, new connections will
    go to the primary wan but old connections created while it was down will stay on WAN2.
    There is no way to reassign already established connections.

  • Multiple home and static routing

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    It's not yet possible to have multiple paths to reach the same destination network in that way, even if they are all internal.

    You might be able to pull this off if all of the involved routers can run some kind of dynamic routing protocol (RIP? OSPF? BGP?), but someone else may have to chime in on that if it's even possible.

  • Loadbalanced WAN strangeness with one WAN failure

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K

    No, but neither has it appeared again for me to know it's still an issue in 1.2.3 final.

  • OPTWAN BLOCKS RETURN PACKET SAME WAN SUBNET

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C

    Eugene thanks for the hand!

    SOLUTION ADOPTED. Just to have it documented in case other people also need this.

    Since I'm new to PF (pfsense) I didn't manage to correctly solve this subnet routing problem. So as I'm using virtual machines for PFsense, I just created a PFSENSE02 machine, and now my current PFSENSE01 has its WAN with a static DMZ IP address. This way I could isolate the subnets, avoiding routing problems.
    I'm far from proud of the solution adopted, but business comes first, so what matters is making the clients happy!

    INTERNET (cable) --- WAN-PFSENSE02-LAN ---- WAN-PFSENSE01-OPTWAN --- INTERNET (symmetric line)
                                                                                        |
                                                                              LAN / DMZ / OTHER NETs

  • Problems with additional VPN Router

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    A

    I've made a diagram of our network setup for better understanding.

    The goal is that clients within the 10.10.10.x network can access the 10.150.111.x network. They currently can ping the 10.150.111.20 IP (this is the opt1 interface at pfsense) but can't ping the 10.150.111.17 address (this is the vpn router)

    iW_-_Setup.png

  • Static route

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    A

    Can you describe what solved your problem? Because I have the same :)

  • Multiple Satellite WAN Questions

    Locked
    16
    0 Votes
    16 Posts
    8k Views
    T

    I still think it is all caused by the high latency of the satellites.

    In the pfsense book,

    the command that is checking for a failure is:

    ping -t 5 -oqc 5 -i 0.7

    This is what may be causing your problems, due to latency.
    It only waits 0.7 seconds between each ping and it waits 5 seconds for a response.

    According to the book these options are user changeable in 2.0 but jimp or cmb know where this setting is held. That would allow you to tweak it in version 1.2.3

  • FTP - MultiWAN

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    W

    Sorry, I forgot to mention HTTP works fine and it fails over fine, but FTP does not even connect with the LoadBalancing & FailOver setup

    Thank You

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.