Load balancer - it's not handling the vpn packets properly
-
Dear friends!
I'm using pfSense as a firewall + dual-WAN router with a leased line connection (WAN) and an ADSL connection (OPT1). My ADSL is not static. It works fine, but I have a few problems.
1. I can connect to remote VPN servers, but not always >:(
2. When I log into a remote website forum it disconnects frequently and takes me to the log-in page. I think I have a session problem on it; the session is not being held.
3. I can't connect to MySQL through
Can I solve this problem by using only one connection for the above usage (probably I can ask the balancer to use only WAN for VPN)? But I still don't know how to do it, since I'm new to pfSense.
Kindly help me to solve this
Thanks much!
Manjula
-
1:
http://forum.pfsense.org/index.php/topic,7001.0.html
If you are using MultiWAN and your local LAN should be able to connect to the clients connecting to your network:
You need to have a rule above your default rule (which has as gateway the loadbalancer)
with destination your VPN subnet and as gateway the default gateway (displayed as *), NOT the loadbalancer.
2:
advanced –> sticky connection.
But I remember reading somewhere about a problem with this feature.
Search the forum for more answers.
3:
What do you mean with that? Do you want to connect to a database outside?
-
Thanks Gruens!
This is my fault; I hadn't followed pfSense's instructions properly. I could solve this problem here: http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_Load_Balancing_pools
Manjula
Setting up for protocols that don't like load balancing
Some sites (for example banking sites) get upset when requests from a single session come from different IP addresses. To avoid this, protocols that are likely to suffer from load balancing are set up to favour one connection.
Note that use of the sticky bit (see above) should avoid this issue. If you are not using the sticky bit, you definitely need this.
For each protocol that needs to be handled this way you need a rule on the LAN interface; the sample below is for HTTPS (port 443). The values marked in bold are the ones that change for different protocols.
These rules need to be above the final load balancing rule, and below the rules for DMZ access.
Parameter                Value
Action                   Pass
Disabled                 unchecked
Interface                LAN
Protocol                 TCP
Source: not              unchecked
Source: type             LAN subnet
Source OS                Any
Destination: not         unchecked
Destination: type        any
Destination port range   HTTPS
Log                      checked initially; uncheck when known to be working
Gateway                  WAN1FailsToWAN2 - or WAN2FailsToWAN1 as you prefer
Description              Route https through one working connection
Other entries you are likely to need are SSH and POP3. For these just replace HTTPS in bold above with the protocol you require, and amend the description.
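The same rule order that Gruens describes for the VPN subnet and that the doc table describes for HTTPS, written out as plain pf rules so the top-down evaluation is visible. This is an added illustration, not the ruleset pfSense generates and not from the page; the interface names, gateway addresses and the VPN subnet are constructed placeholders.

```pf
# Added illustration (not pfSense's generated ruleset): the rule order discussed in
# this thread, as plain pf. Interface names, gateways and subnets are constructed.
lan_if  = "em0"
wan1_if = "em1"            # leased line (WAN)
wan2_if = "em2"            # ADSL (OPT1), dynamic address
lan_net = "192.168.1.0/24"
wan1_gw = "203.0.113.1"    # constructed example gateway
wan2_gw = "198.51.100.1"   # constructed example gateway
vpn_net = "10.8.0.0/24"    # constructed example: the VPN subnet

# pfSense writes its rules with "quick", so the FIRST matching rule wins and the
# order below is what the GUI's "above the default rule" advice means.

# 1. Traffic for the VPN subnet: plain pass with no route-to, so it leaves via the
#    system default gateway (shown as "*" in the GUI), never via the balancer.
pass in quick on $lan_if from $lan_net to $vpn_net keep state

# 2. Protocols that break when one session hops between WAN addresses (HTTPS here;
#    the doc lists SSH and POP3 as other candidates): pin them to WAN1. In pfSense
#    the WAN1FailsToWAN2 pool supplies the fallback when WAN1 is down; raw pf has
#    no gateway health check of its own, so this rule alone does not fail over.
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) \
    proto tcp from $lan_net to any port 443 keep state

# 3. Final catch-all: everything else is load balanced across both WANs.
#    sticky-address keeps one source address on one gateway, which is what the
#    GUI's "sticky connections" option turns on.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin sticky-address \
    from $lan_net to any keep state
```

Checking the order is the useful part: if rule 3 sat above rules 1 and 2, the `quick` match would send both the VPN subnet and port 443 through the balancer, which is exactly the symptom in the original post (VPN that only sometimes connects, forum logins that drop).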