Guide on how to setup Dual Wan on pfsnse 2.4.4?

jason001

Yes my WAN1 works fine 100% My WAN2 works 100%.
At moment im using WAN1 iv tested WAN2 directly connecting to the WIFI aslo LAN on switch.. Its something in PFSENSE..

stephenw10

Ok, so like I said, try large ping packets, try test port over WAN2.

What is the result? If it fails, what is the error?

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

.
Try using the test port fucntion in pfSense (Diag) to open a tcp connection using the WAN2 source IP

Iv tested all just say "successful"

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Ok, so like I said, try large ping packets, try test port over WAN2.

What is the result? If it fails, what is the error?

Doesn't seem to give error.. just (successful) ping works.., iv tried larger ping (also work) tried test port says: successful

stephenw10

Ok. Are you using a failover group as the default gateway? If so can you test port out without setting a source when WAN1 is down?

We are probably going to need to see some screenshots of your config to diagnose this.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Ok. Are you using a failover group as the default gateway? If so can you test port out without setting a source when WAN1 is down?

i wanted to setup a failover group but since this error i deleted it..
but il setup again and post screenshot

jason001

This is the config i used:

gateway group failover config FailOver Config.png FailOver Auto.png

Lan rule: Lan Rule.png
Advance Tab.png

gateway:

lan detail: lan detail.png

wan1 detail: wan1 detail.png

wan2 detail: wan2 detail.png

stephenw10

Your LAN firewall rule with the failover gateway needs to be above the default allow any rule. Right now no traffic is hitting it.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Your LAN firewall rule with the failover gateway needs to be above the default allow any rule. Right now no traffic is hitting it.
I Know..
1: If move it to the top and wan1 disconnect/fail i don't have internet.

2: Also if i move it i cant access my router

4g interface not working.png

but if i move rule down.
4g router.png

and i have ping even if wan1 is plugged out! running only on router wan2.

wan2 ping but no page load 2.png

But again cant load pages.
wan2 ping but no page load.png

stephenw10

If that's the WAN2 router then you will need another rule above that with just that destination with no gateway set so you can access it.

Without that rule above the default pass rule your traffic only ever uses the default route which looks like it's via WAN1. It needs to be there for failover to work.

However it looks like you have a bigger issue with traffic using WAN2 at all. Try putting in a policy routing rule from just a single test client and routing that via the WAN2 gateway. That should work whether or not WAN1 is up so it won't disrupt other traffic while you're testing. Run a traceroute from that client to be sure it is using WAN2.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

If that's the WAN2 router then you will need another rule above that with just that destination with no gateway set so you can access it.

Without that rule above the default pass rule your traffic only ever uses the default route which looks like it's via WAN1. It needs to be there for failover to work.

However it looks like you have a bigger issue with traffic using WAN2 at all. Try putting in a policy routing rule from just a single test client and routing that via the WAN2 gateway. That should work whether or not WAN1 is up so it won't disrupt other traffic while you're testing. Run a traceroute from that client to be sure it is using WAN2.

Steve
tried that. doesn't work.
i dont know if the router is corrupt or something but ("all steps and guides doesn't work!")

stephenw10

Ok, so you policy router a client via WAN2 and it didn't work.

So what exactly didn't work? Same as during failover? DNS worked and ping worked but nothing else?

Can you hit the modem gui?

What did the traceroute show?

It could be one of those device that prevents you using another router behind it by setting a low TTL. Is it supposed to be limited to a small number of devices like, say, 5? Or 1 even?

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

uld be one of those device that prevents you using another router behind it by setting a low TTL. Is it supposed to be limited to a small number of devices like, say, 5? Or 1 even?

did exactly the same thing.. but this time couldn't reach WAN2 GUI.. but i can ping..
its a bit strange for me.. seeing other people seem to get it right.. Maybe i should just reinstall the software?

stephenw10

You can try that but I don't think it will help. It behaves like some low level mismatch or limitation.

Like for example the TTL limitation I mentioned. If that router only allows a limited number of clients one way they can enforce that is to prevent you using another router behind it.

Steve