Two Pfsense each with Seprate Internet routing each other

johnpoz

That is as far as I got before I had to go to work.. At work now - need to finish up some morning stuff.. Then will finish it.. So do you have your transit up and working.. Can each pfsense ping the other pfsense via the transit network you set up?

johnpoz

Ok - so now I have created the gateways pointing to the other pfsense transit IP..

See attached. Notice I set ipv6 on each wan of pfsense to none. This is only ipv4 setup and figured just remove ipv6 to have it look cleaner.

gateways.png_thumb

johnpoz

So now I have created the routes on each pf pointing to the network on the other pfsense.

See attached.

So there is a machine on each network 192.168.0.100 (site1) and 192.168.10.100 (site2)

So you can see they can ping the other machine on the other network, and if you do a trace route. They hit their pfsense, go across the transit and hit the other side 192.168.1.1 or .2 depending on the direction your going.

I will now create the gateway group and create the rules to allow if your local internet is down to use the other sides internet..

routestoothernetworks.png_thumb

johnpoz

Ok..

So I created gateway groups on each side.

I used packetloss or high latency.. as the failover method.

I then added rule on the lan to allow the other network using default routing.

Then on the default lan rule changed its gateway to use the failover group.

Now when I simulate a failure on the site2 wan it goes out the site1 connection - which you can see from the traceroutes.

Any questions just ask..

gatewaygroup.png_thumb

editlanrules.png_thumb

nofailover.png_thumb

failedoverroute.png_thumb

irs

@johnpoz:

Sorry did not see your response.. I will try and fire up 2.3.4p1 today and get your screenshots. But to be honest have already given you all the steps..

johnpoz

huh?? Dude I have posted all kinds of screenshots showing all the different steps.

irs

I am really thankful once again for the efforts you extended for me I will use these instructions and post the after successful implementation.

irs

I followed all the instructions and images you have described but sofar am unable to get the internet on pf2.

pfI can access both pfsense but no internet on 192.168.10.0/24 network (the wan is down on pf2 [192.168.10.0/24])

irs

I followed all the instructions and images you have described but sofar am unable to get the internet on pf2.

I can access both pfsense (pf1 & pf2) but no internet on 192.168.10.0/24 network (the wan is down on pf2 [192.168.10.0/24])

pf1 wan is up and working fine.

![pf2 dashboard.PNG](/public/imported_attachments/1/pf2 dashboard.PNG)
![pf2 dashboard.PNG_thumb](/public/imported_attachments/1/pf2 dashboard.PNG_thumb)
![pf1 dashboard.PNG](/public/imported_attachments/1/pf1 dashboard.PNG)
![pf1 dashboard.PNG_thumb](/public/imported_attachments/1/pf1 dashboard.PNG_thumb)

johnpoz

"(the wan is down on pf2 [192.168.10.0/24])"

well that would be a problem now wouldn't it.. How would it work if the wan is down?? That has nothing to do with the transit or connectivity between the pfsenses, etc.

Why do you have 2 transits?

What sort of wan do you have that it doesn't show an interface assigned to it for speed and duplex, etc.

irs

The wan is down since morning on site 2 (pf2) but the site 1 has the internet (pf1) wan is working

irs

@johnpoz:

"(the wan is down on pf2 [192.168.10.0/24])"

well that would be a problem now wouldn't it.. How would it work if the wan is down?? That has nothing to do with the transit or connectivity between the pfsenses, etc.

Why do you have 2 transits?

What sort of wan do you have that it doesn't show an interface assigned to it for speed and duplex, etc.

i made another Transit just to see if i have made something wrong.

irs

if one wan on any pf goes down wouldn't it takes over to other pf wan which is up through transit?

irs

what should I do?

johnpoz

Yeah if you set it up like that.. But yours doesn't seem down - it was pending, and looks like you removed the interface from it or something?

And why do you have 2 transits? How did you configure your failover? You should simulate it being down by blocking ping at pfsense gateway, that is how I did it. Or mark the gateway down. But you should validate that your can talk to each others networks and go out your local wan before trying to test the failover, etc.

irs

i have changed the transit now only one transit

irs

it is showing up online now

![pf2 dashboard update.PNG](/public/imported_attachments/1/pf2 dashboard update.PNG)
![pf2 dashboard update.PNG_thumb](/public/imported_attachments/1/pf2 dashboard update.PNG_thumb)

irs

pf1 internet is working fine, still can not figure out what mistake i made?

![ping 2.PNG](/public/imported_attachments/1/ping 2.PNG)
![ping 2.PNG_thumb](/public/imported_attachments/1/ping 2.PNG_thumb)

ping.PNG_thumb

irs

can you explain from where the gateway 192.168.9.253 and 192.168.2.253 comes from

you have used in your snapshot
System > Routing > Gateway

Thx

irs

I tried again but same no luck, completely from scratch.

Both firewall communicate each other but can not access Internet.

I created transit on both firewall

Created LAN on each of them

Gateway, Static route and gateway group failover on each pfsense

Firewall LAN allowed

firewall Transit interface allowed

but unlucky to get the internet

please help me to find the problem?
Thx