Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense 2.5.1 multi-WAN routing trouble

    Scheduled Pinned Locked Moved Routing and Multi WAN
    43 Posts 16 Posters 15.4k Views 17 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fireodoF Offline
      fireodo @4o4rh
      last edited by fireodo

      @gwaitsi said in pfSense 2.5.1 multi-WAN routing trouble:

      2.5.1p1 to fix this issue.

      It seems there is a 2.5.2 in the pipeline:

      Redmine Roadmap 2.5.2

      Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
      SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
      pfsense 2.8.1 CE
      Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

      D S 2 Replies Last reply Reply Quote 3
      • D Offline
        digdug3 @4o4rh
        last edited by

        @gwaitsi Mostly the problem is with OpenVPN not beeing compatible.
        Edit the config.xml en remove the OpenVPN sections. Only thing left to do after installing is recreating OpenVPN.
        If it still won't work, also remove the packages sections.

        1 Reply Last reply Reply Quote 0
        • D Offline
          digdug3 @fireodo
          last edited by

          @fireodo Great spotting that!

          1 Reply Last reply Reply Quote 0
          • V Offline
            vjizzle @4o4rh
            last edited by vjizzle

            @gwaitsi Hi. I have looked and testen Untangle as-well after this whole fiasco with Netgate. Unfortunately I could not get multi-wan port forwarding with OpenVPN to work there and from what I have read on their forums others have failed there as well. Besides They ask a lot of money if you want to have Wireguard...150 USD a year! Wtf

            For the scenario I have I still believe pfSense is the best there is. Now I just wait for the next version which will fix the bugs we have and in the meantime I enjoy the stability and performance of 2.4.5 p1.

            1 Reply Last reply Reply Quote 0
            • S Offline
              slu @fireodo
              last edited by

              @fireodo said in pfSense 2.5.1 multi-WAN routing trouble:

              It seems there is a 2.5.2 in the pipeline:

              Redmine Roadmap 2.5.2

              This would be good news!

              pfSense Gold subscription

              1 Reply Last reply Reply Quote 0
              • P Offline
                peterzy
                last edited by

                They have a fix already: https://reviews.freebsd.org/R10:41063b40168b69b38e92d8da3af3b45e58fd98ca . The problem is that they did not fix it for the CE version.

                1 Reply Last reply Reply Quote 0
                • G Offline
                  geniepro
                  last edited by

                  I'm sure not everybody in my situation, by I have a few OpenVPN clients configured on the router and a single real WAN Gateway.

                  I ran into the problem reported here and after some troubleshooting I noticed that OpenVPN was adding a route to "0.0.0.0/1". Once I manually removed it, "route del 0.0.0.0/1" I noticed that my NAT started working. After further research I noticed that once of my OpenVPN Clients didn't have the "Don't pull routes" checked. After fixing this the issue is gone.

                  Hopefully this will help at least a few of those that are hitting this painful bug.

                  V 1 Reply Last reply Reply Quote 0
                  • V Offline
                    vjizzle @geniepro
                    last edited by

                    @geniepro Hi! That is great news! I have a couple of questions:

                    • does it survive a reboot?
                    • does port forwarding from your OpenVPN client now work?

                    Thank you for your help.

                    1 Reply Last reply Reply Quote 0
                    • G Offline
                      geniepro
                      last edited by

                      @vjizzle, no need to reboot anything, all I needed was NAT to form for the real WAN. I use OpenVPN only for some devices in my network to connect to the internet - bypass the ISP traffic sniffing.

                      If you have a single OpenVPN client, or you need NAT for a single OpenVPN connection, you could maybe manually add a route, something like "route add 0.0.0.0/1 XXX.XXX.XXX" pretty much you need to update your routes to have your connection that you want to NAT to be the default one. I don't know if there is an option to adjust the routes form GUI, or only through SSH.

                      V 1 Reply Last reply Reply Quote 0
                      • V Offline
                        vjizzle @geniepro
                        last edited by

                        @geniepro Thank you so yeah we can do a lot of stuff manually but still it does not solve the multiwan portforwarding issue we have. Will wait further when Netgate pleases to release an update for that bug.

                        1 Reply Last reply Reply Quote 1
                        • S Offline
                          sschueller @digdug3
                          last edited by

                          @digdug3 I just noticed the same issue after upgradeing to 2.5.1. I have automated speed tests running and each interface and it stopped working on all except the current default getway.

                          T 1 Reply Last reply Reply Quote 1
                          • T Offline
                            theone @sschueller
                            last edited by

                            @sschueller Hail Bro... I've solve this issue installing the 2.6 (experimental version). In my case, I've been installed the update of FreeRadius, and all WANS become to works perfect as ussualy. G. Luck !

                            1 Reply Last reply Reply Quote 0
                            • 4 Offline
                              4o4rh
                              last edited by 4o4rh

                              So, I bit the bullet and upgraded to 2.60 dev. It was causing too many issues. So far so good.

                              • edit * I can confirm after a few days, all my post 2.5.1 issues are resolved, and I am back to where I was with 2.5.0. As much as I am appreciative of the efforts by all the developers and netgate for making the software available as open source (although I note it is also in their interests), it is unfathomable that an emergency release was not made to fix this, given the severity of the issue. I am just a simple home user with some redundant wan and vpn connections. I can't imagine the impact on an actual small business user. Even youtube videos were stuttering and repeating portions after the 2.5.1 upgrade, but that has all been resolved.
                              1 Reply Last reply Reply Quote 2
                              • V Offline
                                vjizzle
                                last edited by

                                So Netgate made the decision to release 2.5.2. But first there will be a pfsense+ release and then after some weeks the pfsense ce release. This sadly confirms that pfsense CE users are treated like second-class citizens. But I am glad they are listening to the community and putting in effort for 2.5.2, although they should have figured this out themselves immediately as it happened.

                                Anyone test the 2.5.2 snapshot releases yet?

                                1 Reply Last reply Reply Quote 0
                                • P Offline
                                  peterzy
                                  last edited by peterzy

                                  https://redmine.pfsense.org/issues/11805 - I see they change the plans for fix it for 2.5.2 - great, finally something positive. But looks like it is still not fixed, so no point to test 2.5.2 at this point of time.

                                  JeGrJ 1 Reply Last reply Reply Quote 0
                                  • V Offline
                                    vjizzle
                                    last edited by

                                    Maybe this is not the exact place but I know a lot of you guys are struggling with this particular bug and looking for alternatives and so am I. pfSense CE being a second-class citizen now I started looking into alternatives. Previously I did test multi-wan with opnsense and due to my limited knowledge I did not manage to get it to work.

                                    The past week I saw the YouTube video from Lawrence systems and with renewed inspiration I setup opnsense again in my testlab. I can confirm that I have multi-wan port forwarding running stable using openvpn clients configured in a gateway group. I missed something in my first try but so far opnsense is looking promising as an alternative.

                                    I still hope to see concrete actions from Netgate so I am not making the switch just yet, but it is good to know that there are options :).

                                    4 1 Reply Last reply Reply Quote 0
                                    • 4 Offline
                                      4o4rh @vjizzle
                                      last edited by

                                      @vjizzle why don't you simply update to 2.6 dev and freeze with the current snapshot. It is ok for me.

                                      V 1 Reply Last reply Reply Quote 0
                                      • JeGrJ Offline
                                        JeGr LAYER 8 Moderator @peterzy
                                        last edited by

                                        @peterzy said in pfSense 2.5.1 multi-WAN routing trouble:

                                        https://redmine.pfsense.org/issues/11805 - I see they change the plans for fix it for 2.5.2 - great, finally something positive. But looks like it is still not fixed, so no point to test 2.5.2 at this point of time.

                                        I'd test 2.5.2 if you have a test system available. My preliminary tests show simple forwardings on both WAN Interfaces working fine with 2.5.2 beta:

                                        Just a simple quick testing with forwardings port 80 on two different WANs from different providers to an interhal HTTP server and it shows its test page on both IPs without a hitch.

                                        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                        1 Reply Last reply Reply Quote 0
                                        • V Offline
                                          vjizzle @4o4rh
                                          last edited by vjizzle

                                          @gwaitsi Hi! I understand why you do that…fed up with Netgate 🙂. For me the development release of pfsense cannot be run in production. It’s like still building the car while we are already driving 100 mph on the freeway.

                                          I am running on 2.4.5 p1 which is the last release you can take seriously from Netgate, given the whole 2.5 fiasco and the way they approached that. So for now I am waiting for their next move and then I will decide where to go. I think a lot of people are doing the same and also went back to 2.4.5 p1. The only thing missing from 2.4.5 p1 for me is the latest version of pfblockerng. But I setup AdGuard Home for that and completely happy with that decision.

                                          So the only thing keeping me here is hope….hope that Netgate will deliver on their promise because I still love pfsense. I just hate what Netgate has done with such an amazing piece of software it in these last few months 😒. My hope is I can upgrade to pfsense+ with my own hardware for a reasonable fee.

                                          JeGrJ 1 Reply Last reply Reply Quote 0
                                          • JeGrJ Offline
                                            JeGr LAYER 8 Moderator @vjizzle
                                            last edited by

                                            @vjizzle said in pfSense 2.5.1 multi-WAN routing trouble:

                                            @gwaitsi Hi! I understand why you do that…fed up with Netgate . For me the development release of pfsense cannot be run in production. It’s like still building the car while we are already driving 100 mph on the freeway.

                                            Again: just check the new Beta release of the upcoming 2.5.2. If you don't have test equipment or a VM and don't want to run beta/dev releases (can understand that perfectly) then just read my comment above or have a look here: -> https://forum.netgate.com/topic/164098/2-5-2-beta-test-f%C3%BCr-multiwan-problem/7
                                            It's german but you get it from the screens and logs. MultiWAN seems up and running again.

                                            So yeah, seems it's pretty much taken care of and will be coming soon after the plus release.

                                            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                            V 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.