Netgate Discussion Forum
    Load balancer - it's not handling the vpn packets properly

      manjula

      Dear friends!

      I'm using pfsense as a firewall + Dual WAN router with a Leased line connection (WAN) and an ADSL connection (OPT1). My ADSL is not static. It works fine but I have a few problems.

      1.  I can connect to remote VPN servers but not always >:(
      3.  I can't connect to mysql through
      2.  When I am logged into a remote website forum, it disconnects frequently and takes me to the log-in page - I think I have a session problem on it; the session is not being held.

      Can I solve this problem by using only one connection for the above usage? (Probably I can ask the balancer to use only WAN for VPN.) But I still don't know how to do it since I'm new to pfsense.

      Kindly help me to solve this.
      Thanks much!

      Manjula

        GruensFroeschli

        1:
        http://forum.pfsense.org/index.php/topic,7001.0.html

        If you are using MultiWAN and your local LAN should be able to connect to the clients connecting to your network:
        You need to have a rule above your default rule (which has as gateway the loadbalancer)
        with destination your VPN-subnet and as gateway the default gateway (displayed as *) NOT the loadbalancer.

        2:
        advanced –> sticky connection.
        But I remember reading somewhere about a problem with this feature.
        Search the forum for more answers.

        3:
        What do you mean with that? Do you want to connect to a database outside?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          manjula

          Thanks Gruens!

          This is my fault, I haven't followed the pfsense instructions properly. I could solve this problem here: http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_Load_Balancing_pools

          Manjula

          Setting up for protocols that don't like load balancing

          Some sites (for example banking sites) get upset when requests from a single session come from different IP addresses. To avoid this, protocols that are likely to suffer from load balancing are setup to favour 1 connection.

          Note that use of the sticky bit (see above) should avoid this issue. If you are not using sticky bit, you definitely need this.

          For each protocol that needs to be handled this way you need a rule on the LAN interface; the sample below is for https (port 443). The values marked in bold are the ones that change for different protocols.

          These rules need to be above the final load balancing rule, and below the rules for DMZ access.
          Parameter                Value
          Action                   Pass
          Disabled                 unchecked
          Interface                LAN
          Protocol                 TCP
          Source: not              unchecked
          Source: type             LAN subnet
          Source OS                Any
          Destination: not         unchecked
          Destination: type        any
          Destination port range   HTTPS
          Log                      checked initially; uncheck when known to be working
          Gateway                  WAN1FailsToWAN2 - or WAN2FailsToWAN1 as you prefer
          Description              Route https through one working connection

          Other entries you are likely to need are SSH and POP3. For these just replace HTTPS in bold above with the protocol you require, and amend the description.
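
A simplified model of the rule ordering described in the quoted instructions, added here as an example (not part of the thread and not pfSense code): it shows which public source IPs a remote server sees when an HTTPS rule with a failover gateway sits above, or below, the load-balancing rule. All class and function names and the addresses are assumptions, and the round-robin balancer is a simplification.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network
from itertools import cycle

# Constructed public addresses (documentation ranges), one per WAN link.
WAN_IP = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20"}

class LoadBalancer:
    """Round-robin pool: each new connection leaves via the next WAN that is up."""
    def __init__(self, members):
        self._rr, self._n = cycle(members), len(members)
    def pick(self, up):
        for _ in range(self._n):
            wan = next(self._rr)
            if wan in up:
                return wan
        return None

class Failover:
    """Ordered pool such as WAN1FailsToWAN2: always the first member that is up."""
    def __init__(self, members):
        self._members = members
    def pick(self, up):
        return next((w for w in self._members if w in up), None)

# port=None means "any port"; dst "0.0.0.0/0" means "any destination".
Rule = namedtuple("Rule", "dst port gateway desc")

def balanced_only():
    return [Rule("0.0.0.0/0", None, LoadBalancer(["WAN1", "WAN2"]), "load balance")]

def with_https_pin():
    pin = Rule("0.0.0.0/0", 443, Failover(["WAN1", "WAN2"]),
               "Route https through one working connection")
    return [pin] + balanced_only()   # pin rule ABOVE the load-balancing rule

def egress(rules, dst_ip, dst_port, up):
    """LAN rules are read top-down; the first matching rule picks the gateway."""
    for r in rules:
        if ip_address(dst_ip) in ip_network(r.dst) and r.port in (None, dst_port):
            return r.gateway.pick(up)
    return None

def source_ips(rules, dst_ip, dst_port, n, up=("WAN1", "WAN2")):
    """Set of public source IPs a remote server sees over n new connections."""
    return {WAN_IP[egress(rules, dst_ip, dst_port, set(up))] for _ in range(n)}

if __name__ == "__main__":
    site = "192.0.2.50"  # constructed remote HTTPS site
    print("balanced only :", sorted(source_ips(balanced_only(), site, 443, 6)))
    print("with https pin:", sorted(source_ips(with_https_pin(), site, 443, 6)))
```

A site that ties a login session to the client IP sees two addresses in the first case and one in the second; placing the pin rule below the load-balancing rule leaves it unreachable.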

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.