Recommendation
-
I've been running pfSense now for less than a month and it's been pretty good. Thanks to everyone who has worked hard on making pfSense what it is today.
Here's my recommendation: Create a sticky topic listing all of the services/packages that currently work well with load balancing/failover, and conversely have a list of those that don't work well. This is needed even more so now that the work being talked about in the bounty section is not slated to be publicly incorporated into pfSense until 1.3 is released. I think a sticky topic would save a lot of people a lot of time, frustration, and confusion.
Thanks! And keep up the nice work.
-
Did this list ever get made? If not, could you at least list the gotchas that you are aware of? Thanks!
-
check this out.
http://doc.pfsense.org/index.php/Multi-WAN_and_Compatibility
-
@cmb:
check this out.
http://doc.pfsense.org/index.php/Multi-WAN_and_Compatibility
Thanks! But I seem to recall reading somewhere that the Captive Portal didn't work with Multi-WAN? Or was it that Captive Portal doesn't work with traffic shaping in the current stable release?
-
@http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43:
Limitations
* Can only run on one interface simultaneously.
* "Reverse" portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.
* Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.
* Currently not compatible with multi-WAN rules (will be fixed in the next release)
-
I believe the multi-WAN compatibility is fixed in 1.2.1, but don't recall for sure. Try it and report back; if it sends all traffic out your primary WAN, it's not fixed in 1.2.1 and must have just been 1.3.
-
@cmb:
I believe the multi-WAN compatibility is fixed in 1.2.1, but don't recall for sure. Try it and report back; if it sends all traffic out your primary WAN, it's not fixed in 1.2.1 and must have just been 1.3.
It's sorta working. The actual captive portal part isn't quite working correctly. If a user on the LAN tries to go to www.cnn.com for example, the CP doesn't redirect them to the CP login page. However, if that same user were to manually browse to http://10.0.0.1:8000/ they would see the CP login pages and could successfully register their IP/MAC in the CP.
Additionally, once this LAN user is authenticated, if there is a WAN link failover, or a CARP cluster state change, the LAN user's traffic does change which WAN connection it is going out via. So I believe it is safe to say that multi-WAN plus CP traffic routing is fixed, but the problem with the CP redirect not working is a big issue at the moment that needs to be addressed.
-
CP and multi-WAN is still a problem in 1.2.1, I updated the previously linked page.