Two Pfsense each with Seprate Internet routing each other

irs

Thx agin,

Yes I am using 2.3.4p1

irs

Thx agin,

Yes I am using 2.3.4p1

Do you find some time to have the screen shorts?
Thx

johnpoz

Sorry did not see your response.. I will try and fire up 2.3.4p1 today and get your screenshots. But to be honest have already given you all the steps..

irs

I appreciate your efforts and help you extended, I am since new i am somewhat like to see what and how.

I again thankful for your efforts and letting me to lurn.

johnpoz

If your so new to this - why are you involved in routing traffic between 2 sites with a fiber connection and multiple internet connections? Make zero sense to me.. What is the current configuration of these sites?

irs

actually i am new in pfsense and the couple of friends are working together to learn and use each other internet from far as i told you earlier.

my apartment is about 2000ft away from my other friend. we have lurned how to splice OFC cable and it was fun.

now as i was reading about pfsense multi wan and fail-over i need to create two way traffic between us.

my other neighbor already sharing my internet.

I have earlier develop a VPN between me and my another fried who lives in Chicago. I am luring a lot but some time its not that easy as tech like you can do.

when can I expect the screen short?

Thank you again.

irs

@johnpoz:

Sorry did not see your response.. I will try and fire up 2.3.4p1 today and get your screenshots. But to be honest have already given you all the steps..

johnpoz,

Any news?

johnpoz

Ah makes more sense now ;)

I am firing up the VMs now - I have pf1.site1.lan up and running on 2.3.4p1, installing pf2.site2.lan and then can start taking screenshots..

So this is how I have duplicated your setup

pf1.site1.lan
em2 wan: 192.168.9/24 (site 1 internet)
em0 lan: 192.168.0.1/24
em1 transit: 192.168.1.1/30

pf2.site2.lan
em2 wan: 192.168.2/24 (site 2 internet)
em0 lan: 192.168.10.1
em1 transit: 192.168.1.2/30

I want to get the the 2 pfsense up and running and then take vm snapshots, etc. So can roll them back real easy to new.. If you need me to walk through different steps, etc. Sorry taken a bit but got side tracked ;) pf2 is almost done its updating to 2.3.4p1 now.. But I have to go out for my morning walk, and then get ready for work here soon. But now that have them up and running configure your setup from work and take screenshots, etc. So for sure later today have pretty walk through for you…

pf1.png_thumb

pf2.png_thumb

johnpoz

Ok created the firewall rule for transit and now pf1 and pf2 can ping each other over the transit. I would hope you have gotten this far?

transitup.png_thumb

irs

screen shots.

johnpoz

That is as far as I got before I had to go to work.. At work now - need to finish up some morning stuff.. Then will finish it.. So do you have your transit up and working.. Can each pfsense ping the other pfsense via the transit network you set up?

johnpoz

Ok - so now I have created the gateways pointing to the other pfsense transit IP..

See attached. Notice I set ipv6 on each wan of pfsense to none. This is only ipv4 setup and figured just remove ipv6 to have it look cleaner.

gateways.png_thumb

johnpoz

So now I have created the routes on each pf pointing to the network on the other pfsense.

See attached.

So there is a machine on each network 192.168.0.100 (site1) and 192.168.10.100 (site2)

So you can see they can ping the other machine on the other network, and if you do a trace route. They hit their pfsense, go across the transit and hit the other side 192.168.1.1 or .2 depending on the direction your going.

I will now create the gateway group and create the rules to allow if your local internet is down to use the other sides internet..

routestoothernetworks.png_thumb

johnpoz

Ok..

So I created gateway groups on each side.

I used packetloss or high latency.. as the failover method.

I then added rule on the lan to allow the other network using default routing.

Then on the default lan rule changed its gateway to use the failover group.

Now when I simulate a failure on the site2 wan it goes out the site1 connection - which you can see from the traceroutes.

Any questions just ask..

gatewaygroup.png_thumb

editlanrules.png_thumb

nofailover.png_thumb

failedoverroute.png_thumb

irs

@johnpoz:

Sorry did not see your response.. I will try and fire up 2.3.4p1 today and get your screenshots. But to be honest have already given you all the steps..

johnpoz

huh?? Dude I have posted all kinds of screenshots showing all the different steps.

irs

I am really thankful once again for the efforts you extended for me I will use these instructions and post the after successful implementation.

irs

I followed all the instructions and images you have described but sofar am unable to get the internet on pf2.

pfI can access both pfsense but no internet on 192.168.10.0/24 network (the wan is down on pf2 [192.168.10.0/24])

irs

I followed all the instructions and images you have described but sofar am unable to get the internet on pf2.

I can access both pfsense (pf1 & pf2) but no internet on 192.168.10.0/24 network (the wan is down on pf2 [192.168.10.0/24])

pf1 wan is up and working fine.

![pf2 dashboard.PNG](/public/imported_attachments/1/pf2 dashboard.PNG)
![pf2 dashboard.PNG_thumb](/public/imported_attachments/1/pf2 dashboard.PNG_thumb)
![pf1 dashboard.PNG](/public/imported_attachments/1/pf1 dashboard.PNG)
![pf1 dashboard.PNG_thumb](/public/imported_attachments/1/pf1 dashboard.PNG_thumb)

johnpoz

"(the wan is down on pf2 [192.168.10.0/24])"

well that would be a problem now wouldn't it.. How would it work if the wan is down?? That has nothing to do with the transit or connectivity between the pfsenses, etc.

Why do you have 2 transits?

What sort of wan do you have that it doesn't show an interface assigned to it for speed and duplex, etc.