Using OPT1 as (second) WAN interface
-
There isn't a real second ISP for this setup so both WANs have the same gateway which is my local WAN router.
In Status->Gateways it currently shows WAN2 gateway of 192.168.1.1 which is my WAN router. The status shows "pending."
WAN1 interface is temporarily disabled so there is no Gateway information for WAN1. If I enable WAN1 it will have the same gateway as WAN2 and work fine.I read there may be some problem in pfsense using the same gateway IP address for WAN1 and WAN2. Should this still be an issue with WAN1 interface disabled?
-
Anyone mind sharing your OPT1 configuration for WAN? I got this working briefly without changing anything and I know it wasn't good without knowing what changed.
I backed up the config, did an upgrade to p7 RC build and now WAN2 is broken again. I restored the old configuration, but that didn't help. I don't think it has anything to do with the firmware version as I've tried 2.0.2 and two RCs with the same results.Wireshark captures shows only WAN1 requests address from DHCP server. WAN2 (OPT1) is not going out at all.
I also noticed in the Interface status that WAN2 has an IPv6 even though I've set IPv6 configuration in Interface WAN2 to NONE.
So WAN2 status shows Gateway 192.168.1.1 (the DCHP server) and IPv6 address, but no IPv4 address. As stated packet captures shows no DHCP activity from WAN2 MAC address.WAN2 firewall pass rule has IPv4* for Protocol, "none" for Queue, blank for Schedule, and * for everything else. This is the same as WAN1 which works fine.
Any hints will be appreciated. I've tried ZeroShell, Zentyal with no problems at all for dual WAN on the same setup, but would really like to stay with pfSense.
-
You can't have the same gateway for two WAN interfaces.
I'm also trying to understand why you are splitting your WAN connections across the same gateway. I don't completely understand what you're trying to do.
-
Thanks for the response. This didn't seem like the problem because when I disable WAN1 completely and try to get WAN2 to work by itself where there is no common gateway problem WAN2 still doesn't work. If having the same gateway for both WANs is the problem I can put a router or intermediate gateway with different IPs on both legs of the WANs and try. As I indicated this is a test setup, but there is no second ISP for this test bed. When I eventually deploy this in production there will be second ISP with different gateways.
-
Then, you need to emulate that as well. Setup a different subnet with a different GW for WAN2. Otherwise you are testing something that you will not use (1 ISP with multiple WAN links).
-
No problem emulating that, but would like to take one step at a time. Forget dual WAN for a moment - how can I configure OPT1 interface (with WAN interface disabled) as the only WAN port? If I can't get OPT1 to work as a single WAN link by itself due to misconfiguration then adding more to the setup for emulation wouldn't help much. Anyone knows why OPT1 can't work as the sole WAN interface by itself (with the default WAN interface disabled)?
Answers like
OPT1 as the only WAN link isn't supported in pfSense. You can only use it in multiwan configuration
OPT1 as only WAN link should work; you have a configuration problem; check abc and xyz
Here is a typical config for OPT1 as only WAN interface
etc.will be helpful. Thanks.
-
You can certainly use OPT1 as your internet facing interface. You are going to have to basically set it up just like the WAN.
First, setup a gateway on the opt interface and set it as default. You cannot have multiple default gateways, you will have to disable WAN interface and the associated gateway.
Then setup NAT. AON wants to use WAN, but if you switch to MON (manual outbound NAT) and change the interface from WAN to OPT1. Finally an allow all rule or at least tcp/udp port 53 and ports 80 and 443 for web based traffic. Generally, if you are going to do that, you are going to just use WAN as it is all setup for you. I understand that you are testing though. Let us know how that goes. -
Thanks.This is exactly the kind of pointers I was hoping for. I'll give this a shot again, but when I tried it before my posting I followed an approach similar to what you described. The only difference is instead of creating new NAT mappings for WAN2 I accepted the default for MON – i.e when I switched from AON to MON and saved it automatically populated mapping for WAN2 (OPT1) as follow:
Interface Source Src Port Dest Dest Port NAT Addr NAT Port Static Port
WAN2 192.168.3.0/24 * * 500 WAN2 Address * YES
WAN2 192.168.3.0/24 * * * WAN2 Address * NO
WAN2 127.0.0.1/8 * * * WAN2 Address 1024:65535 NOMy firewall rules for WAN2 were
Proto Source Port Dest Port Gateway Queue Schedule
IPv4 * * * * WAN2_GW none
TCPMy WAN2_GW is 192.168.1.1 which is also the DHCP server. This still didn't work. WAN2 wasn't able to get IP address from DHCP server and using static address didn't help. WAN1 when enabled did just fine. Do I need the first NAT mapping? Am I missing any NAT mapping or firewall rules?
Thanks. -
Maybe the NIC is bad? I mean the configuration shouldn't matter for the most part, it should be able to DHCP an IP if the interface is set to DHCP.
-
I have to agree, if set to DHCP, it should be able to pull an IP address. I would think that perhaps the nic/cable/switch port might have something wrong with it.
Traffic is probably getting to WAN2, but because of its issue will not get any farther. If you can start with the easiest, change ports, then change cable, and then change the NIC out.