Having used a vanilla pfsense box with seperate ADSL connection (draytek vigor 110 supplying pppoe), I continued to have exactly the same problem.

so no multiwan, or traffic balancing, or transparent proxy server issues (i'd spent a lot of time trying to troubleshoot this by scaling back the features i wanted to use).

Incidentally the tech in the government department who supply the test did say that they had problems with ISPs who used transparent proxies.

The solution was to use IPCOP instead - unfortunately i was completely unable to get this working with pfsense but a vanilla ipcop installation did the job fine. Which was nice in one way since i've been using ipcop for a good 5 years and found it to be excellent.

I will continue to use pfsense, as i consider it superior in many ways, in terms of the packages and reporting, and clearly it is actively being developed whereas ipcop seems to be taking a rest at the moment. But i can't use it as my sole solution, at least where these government tests are concerned.

Hi

Try to put these and see if it works:

On the server side of ovpn(let's say that is your box) -> edit -> at the bottom go to custom options and in the box add this line:

route 192.168.1.0 255.255.255.0

On the client side(let's say that is your parents box) ->edit -> custom options:

route add 192.168.0.0 255.255.255.0

hope it helps

Can I see a screen shot of how you have this setup?

What would make sense to have multiple different failover pools is, if you want different types of traffic which you want to go out a different WAN.

The wiki is an example of that.
You dont "need" multiple failover pools.
But if you just have a single failover-pool you will never make use of the second WAN unless the primary fails.
–> I makes sense to send some traffic out one WAN and other traffic to the other. (example: http traffic WAN1, everything else WAN2)
--> --> For that you need 2 failover pools.

with what you are saying; it is safe to have just one failover pool?

what should not be safe? ;)

check /usr/local/sbin/slbd*.sh

You can tweak it there

I discovered the hard way (before reading this) that they're still broken as of the 1.2.3-pre Feb 24th release.

Fortunately I came up with an easy work-around: since once connection is faster than the other, I prefer it for HTTP (port 80) connections and the slower one for everything else.  No problems since. (Note: "Prefer" = "Failover to" in the firewall rules "gateway" entry–just so there's no confusion.)

Of course, your mileage WILL vary...  :-\

Mike

ahaaa there it is :)

thank you :)

No ideas? I guess I will investigate how I might set up a 'smart' proxy on an internal machine then. I'll report my progress here and maybe if I come up with a solution, package it for pfSense. Maybe.

Edit: Okay, preliminary testing suggests that the server load balancing can be used in reverse to accomplish this. It seems to successfully detect broken servers and honour the policy routing (for multi-WAN), so I think it will work out. Now to try it in production…

I can't seem to get a transparent proxy NAT rule working though, I guess that was too much to hope for :P

Worked like a charm, thanks!

Works like a charm! Ty  :D

GruensFroeschli is of course completely correct, I was running two cable modems in DHCP mode but I found I was using static routes more and more. Then when one of the IP's changed it would screw it up. Not only that when a modem rebooted but not all the way I would get a link up but it would have a 192.168.x.x address and this would confuse things further. The most effective 'fix' is to bung a dirt cheep access point between each modem and turn its firewall off then you can set static IP's and add as many static routes as you like  ;)

Check out my setup <= May take a while to load under IE

Nobody has ever heard of something like this? Any ideas where I can find help on this problem?

Thanks in advance. Cheers,

Jorge.

Hi,

I'm actually facing the same situation.  I didn't really try too hard to get pfSense LB working with sticky connections properly, so what I ended up doing was using the session clustering of tomcat instead.  Works quite well actually.  The biggest catch is that all you session information must be serializable.  The added benefit of clustered tomcats is that if you need to restart one tomcat, you don't lose any of the sessions.

I know this doesn't answer your question, but thought it might give you another avenue if you can't get hte LB working as you wish.

Good Luck.  Let me know if you end up getting it working.

Thanks,

Eric