Balance Gateways when Gateway and WAN are on different subnets
-
Yes, definitely possible.
-
What is your primary objective in setting up a 'Gateway Group' ? Failover or Load Balancing ?
-
quick answer. ;D
balancing as wirtte in the subject ;D
but gateway monitoring doesn't work, does it?
thx
-
Yes, it does work. You just need to set the monitor IP to an 'always-on' working DNS, such as Google DNS (8.8.8.8 or 8.8.4.4) or OpenDNS (208.67.222.222 or 208.67.220.220), and one more thing (just my personal preference, set the value of 'Alert Interval' to its half, such as 1000 miliseconds to 500 miliseconds).
I hope this helps :)
-
mmh. monitor ip is already set to google dns. widget still shows gateway is offline.
-
ok i cannot ping the internet from the wan interface whose gateway is on different subnet. default route is correctly set.
-
Can you post your firewall rules for LAN and WAN (all), 'General Setup' and 'Routing' (including 'Gateways' and 'Gateway Group') ?
This would provide me a better insight. -
ok, disabling gateway monitoring brings back the balance gw group to game.
what i meant by not being able to ping the internet is, that i cannot ping when chosing the wan interface that has a different subnet than the gw.
so all clients can ping just fine. weird.
-
Which pFsense release are you running ? Because Gateway Monitoring should never cause any problems. After all, all it does is monitor the interface whether there is any packet loss or high latency occurring. And yes, Gateway monitoring is important in order to make a Gateway Group work properly.
-
release is 2.3.2 patch 1.
take the following config:
2 wan for balancing
wan1 interface and gateway ip in the same subnet (monitoring working)
wan2 interface ip (private 24 subnet) gateway public 29 subnet (monitoring not working - shows offline) (diagnostic ping from wan2 100% packet loss)
if i change wan2 interface ip back to one from the 29 subnet, ping from wan2 and gateway montoring is working
-
Does your setup work in pFsense CE 2.3.2 release ? If not, just try out the latest 2.4 snapshot, running the latest FreeBSD version 11.
I am running the latest development release and everything is working awesome. I have a Quad-WAN setup, all set to 'Tier 1' priority level. And yes, load balancing works 'perfectly' unlike that in 2.3.2 release, which suffered many hiccups with the same setup.Link for download : https://snapshots.pfsense.org/amd64/pfSense_master/installer/pfSense-CE-memstick-2.4.0-DEVELOPMENT-amd64-latest.img.gz
-
Balancing is working when gateway monitoring is disabled, assuming all gateways are always up and running.
what bothers me is the ping issue from within pfsense when chosing wan2 interface as source address.
maybe this is by design which i dont think and i hope that someone with a similar config as mine can test it.
-
It would be helpful if you could post screenshots of your config. Only then can I surely help you out.
-
so, i attached some configs. i want to clearify that when wan and gateway reside on the same subnet everything works fine.
-
Okay, that's alright.
Just make a few changes.
#1 Change monitor IP of :
A.1. WAN1_STATIC to 8.8.8.8
A.2. WAN2_STATIC to 8.8.4.4
Press, Save.B. Set 'Alert Interval' value of both gateways as 500.
#2 Now, go to 'System' - 'General Setup'
Under 'DNS Server Settings', change 'DNS Server 1' to 8.8.8.8 and choose WAN1_STATIC from the drop down menu, given beside;
and 'DNS Server 2' to 8.8.4.4 and choose WAN2_STATIC from the given list.Press, Save.
Now, tell me your current status, and yes, post screenshots of the same.
-
i already tried your config before. here are screen shots.
-
First, is your second WAN really online ? Have you checked that out, by connecting it to a basic router ?
Second, how is the second WAN been connected to your ISP ? Is it a normal setup such as ISP - Modem - pFsense, or something else ? And yes, is your second WAN on PPPoe or is it having a static IP ?
I am waiting for your reply.
-
first of all, all networks connected to the pfsense find their way out through wan2. so, yes, wan2 is online.
if wan2 gets an ip from the /29 subnet where the gateway resides, then ping from wan2 to internet and gateway monitoring is working.
my intention was not to waste 2 ip addresses for the pfsense boxes ha cluster from the /29 subnet.
-
Okay. That sounds great.
Could you provide me a graph on how all your WAN connections are been forwarded, because I am getting confused by this statement of yours, "first of all, all networks connected to the pfsense find their way out through wan2." ?Uncheck 'Block Private Networks' in WAN2 interface and tell me the result.
I will be glad to help you.
And yes, don't forget to provide me a graph :)
-
1. why would i uncheck block private networks? doesnt make sense.
2. all networks just as lan, opt1, opt2, optx can ping the internet leaving on either gateway (wan1 and wan2). so routes must be correct. pfsense itself can ping the internet on all interfaces except wan2. when wan2 gets an ip from the gateways subnet, pfsense can ping the internet on wan2 again.
3. for balancing gateway monitoring must he working or disabled assuming gateways are allways up and running.
if you have a similar config as i do, maybe you could post some screenshots.
