Netgate Discussion Forum

    Running multiple routers in one pfsense using VLANs?

    Routing and Multi WAN
    2 Posts 1 Posters 1.5k Views
    • Javik

      Is it possible to run more than one router in pfSense?

      Further reading here indicates that multi WAN to the same ISP may not work if both WAN links have the same ISP gateway. It is not clear if it actually does or doesn't work with 2.01.

      Some people suggest running additional pfSense boxes to put each modem on its own gateway, which although functional, consumes more energy, and requires more hardware.

      Apparently if I were to use VLANs, it should be possible to do everything from the one box with no additional hardware.


      VLAN1 - WAN1, PPPoE to modem #1
      VLAN12 - LAN1 for VLAN1 - Set to 192.168.2.1 - no hardware

      VLAN2 - WAN2, PPPoE to modem #2
      VLAN22 - LAN2 for VLAN2 - Set to 192.168.3.1 - no hardware

      Gateway group:
      VLAN12 - Multi-WAN virtual link to LAN1 output
      VLAN22 - Multi-WAN virtual link to LAN2 output

      VLAN4 - LAN3 for gateway group - Set to 192.168.1.1 - used by clients


      Can this work?

      Doing something like this apparently would fulfill the need for each PPPoE to be on its own gateway, while not requiring additional hardware for the multi-WAN gateway group.

      VLAN12 and VLAN22 would have no assigned switch ports. They are purely virtual for passing data between the virtualized PPPoE gateways and the gateway group.

      • Javik

        (Very quiet forum section, few responders? Oh well, I will just talk to myself and think out loud.)

        It looks like merging multiple router functions into a single box should be theoretically possible, though it is unclear if a pfSense virtual VLAN can send out data and have it picked up by another pfSense virtual VLAN.

        For the two PPPoE child routers:

        • Don't need DHCP, since the parent router will be the only receiver
        • Don't need NAT, since the parent router will be the only receiver
        • Firewall rules must be explicitly defined rather than using "any"
        • LAN side is a VLAN circuit only, no gateway groups defined here

        The parent router acts normally, like a default-configured pfSense, and uses DHCP and NAT.

        • Default-config WAN is not used, replaced by load balanced group
        • Don't firewall block data thru 192.168.x.x since that is required
        • Firewall rules must be explicitly defined rather than using "any"

        So the order of construction appears to be:

        1. Default install of pfSense creates the parent router

        • Set initial WAN to unused temporary VLAN X

        2. Create first child router and rules, using unwired VLAN A

        3. Create second child router and rules, using unwired VLAN B

        4. Build the gateway group with unwired VLAN A and VLAN B as members

        5. Disable the default WAN interface, change rules to point to gateway group

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.