Multiwan and outgoing traffic from pfSense

laurentl

Hello,

i have setup a multiwan configuration by following this tutorial: http://doc.pfsense.org/index.php/MultiWanVersion1.2.
i have test the failover by unpluging the WAN connection, and everything works fine for the LAN clients behind the pfSense, they still have internet.

but i have some problem with local outgoing traffic from the pfsense:
since the default route is always set to WAN's gateway, when the WAN connection is down i no longer have outgoing traffic from pfSense.
i need to delete manually this default route to add a new one for the WAN2's gateway.

i dont understand why the default route is always set on WAN's gateway and it is not a multipath route when the 2 wan connection are alive and automaticaly set to the good gateway when a wan connection is done.

i think i have miss something.

thanks in advance for your helps.

sai

the gateway in the firewall rules should be the one of the load balancer pools.

GruensFroeschli

pfSense itself uses the local routing table which has only one default gateway.

The loadbalancer for the clients does not use the routing table on pfSense but forces the traffic directly to the gateways you specify in the balancing pools.

What exactly is you problem?
What kind of server do you need to have access to from WAN1 and WAN2 on pfSense itself?

laurentl

@GruensFroeschli:

pfSense itself uses the local routing table which has only one default gateway.

The loadbalancer for the clients does not use the routing table on pfSense but forces the traffic directly to the gateways you specify in the balancing pools.

What exactly is you problem?
What kind of server do you need to have access to from WAN1 and WAN2 on pfSense itself?

my problem is that i have configured an openvpn client on the pfsense and if i lose the WAN connection i cant re-connect my vpn on WAN2 because the default route still stay on WAN's gateway.
i need to change the default route to the WAN2's gateway to remount my openvpn tunnel.

GruensFroeschli

So you basically want OpenVPN failover.
This is not possible through the gui.

You could search the forum for other threads that deal with failover of services on pfSense itself.
I know there are such threads around that dont deal with OpenVPN but lead to the same thing.

laurentl

@GruensFroeschli:

So you basically want OpenVPN failover.
This is not possible through the gui.

You could search the forum for other threads that deal with failover of services on pfSense itself.
I know there are such threads around that dont deal with OpenVPN but lead to the same thing.

ok but another example, i cant list available package on the pfsense interface since the default gateway is wrong and output traffic is no longer routed.
is there any reason to not switch the default gateway to the current available connection ?