Adding secondary WAN to existing network without completely changing topology
-
What networks are in play in both houses? They both use 192.168.1/24 as their LAN?
-
@johnpoz Yes, both houses are in the same lan, connected via a wireless bridge that is slower than the new wan connection.
-
That is a problematic sort of setup. In that sort of scenario the best option is to just do it at the client level.
I would change one of the networks, say have 192.168.1/24 at one house and 192.168.2/24 at the other house. Then you can set up a gateway in pfsense using the other house's network and it could be set to just NAT to that, and the other ISP router would just see all traffic as any other client.
Do you do a lot of inter house traffic? There are some really high speed wireless bridges these days where gig is not a problem
https://store.ui.com/products/unifi-building-to-building-bridge
$500
There are some cheaper options as well. Just having a hard time remembering the product name..
Here are some more unifi options
https://store.ui.com/collections/operator-airmax-devices/products/gbe
Or the nanobeams
https://store.ui.com/collections/operator-airmax-devices/products/nanobeam-5ac-gen2
What are you currently using for your wifi connection? What is your internet speed? What speed would you like to see between the buildings?
-
@johnpoz The speed between the houses is 250 MBit, but the new connection will be 1 GBit.
Won't adding another gateway into pfsense solve this though? I read that I could add another one, attach it to the lan interface and give it the IP address of the second gateway.
If I understand it correctly, pc in house 1 would ask router in house 2 for the best way out, and be told to send stuff to house 1 wan and would use that route as long as the route stays cached in pc 1.
Or would this setup not work?
-
You're going to run into all kinds of issues trying to put a wan on your LAN network! You just turned it into a wan... You need to use a different network, and then you can create a gateway on pfsense.
-
@johnpoz Can't I set a new default route on router 2 to send WAN traffic to router 1?
The route would send traffic there and would use the secondary route only if the new primary is down.
Router one would have a gateway set up on one of its interfaces where the other end would be WAN.
-
If you want to run only 1 network as your lan.. Which gateway you use is going to have to be decided by the client.. Even if you set up an asymmetrical mess by setting a gateway in this network. The return traffic would not go back to the other router and you run into stateful problems.
The correct solution if you want pfsense to send traffic to another gateway is for this to be on a different network.. Change your houses' networks to be different, and then sure you can have pfsense NAT to the other house's network and you don't have asymmetrical issues.
Setting multiple gateways on a client can be problematic as well. While you can set metrics to try gateway 1 vs 2.. Good luck with that.
To do this correctly both routers would need to understand routing and allow for a transit network.. ISP or SOHO routers are highly unlikely to support such a setup. If you ran pfsense in both houses, and then set up a transit network over your wifi bridge, you could do really anything you wanted with policy routing or failover.
Clients in either house this way only need to know their own local gateway. And the routers would decide which wan to use - either the one they are connected to directly, or the one via the transit network to the other router.
This would be the proper way to set it up
You would want to use a /29 as the smallest because your wifi bridge devices would have IPs in the transit as well for management purposes.
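
Added example (not part of the thread and not posted by any participant): a check of the address plan described in the post above, showing why two houses on 192.168.1.0/24 cannot be routed between and why a /30 transit is too small once the bridge radios need management addresses. The transit range 10.255.0.0/29 and the device names are assumptions made for the illustration.

```python
import ipaddress

# Assumed device list: one router per house plus the two bridge radios,
# which also need management addresses inside the transit network.
TRANSIT_DEVICES = ["router1", "router2", "bridge-radio-1", "bridge-radio-2"]

def check_plan(lans, transit, devices=TRANSIT_DEVICES):
    """Return a list of problems with the address plan (empty list = usable)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in lans.items()}
    tnet = ipaddress.ip_network(transit)
    problems = []
    names = list(nets)
    # Two houses on the same subnet cannot be routed between: every host
    # treats the other house as on-link and never hands the packet to a router.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} vs {nets[b]}")
    # The transit network must be distinct from both LANs as well.
    for name, net in nets.items():
        if net.overlaps(tnet):
            problems.append(f"transit {tnet} overlaps {name} ({net})")
    usable = len(list(tnet.hosts()))
    if usable < len(devices):
        problems.append(f"transit {tnet}: {usable} usable addresses, {len(devices)} needed")
    return problems

def assign_transit(transit, devices=TRANSIT_DEVICES):
    """Hand out transit addresses in order; the routers get the first two."""
    hosts = ipaddress.ip_network(transit).hosts()
    return {dev: str(ip) for dev, ip in zip(devices, hosts)}

if __name__ == "__main__":
    # Constructed plans: the current single-LAN layout, then the split layout.
    same = {"house1": "192.168.1.0/24", "house2": "192.168.1.0/24"}
    split = {"house1": "192.168.1.0/24", "house2": "192.168.2.0/24"}
    for lans, transit in [(same, "10.255.0.0/29"),
                          (split, "10.255.0.0/30"),
                          (split, "10.255.0.0/29")]:
        print(lans, transit, check_plan(lans, transit) or "OK")
    print(assign_transit("10.255.0.0/29"))
```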
-
@johnpoz Thanks, I see what you mean. My original idea was to get another apu unit and set up a second pfsense router, but those things are sold out for several months.
Think I might change the default gateway on router 2 to be the ip of router 1 while keeping 2 as a DHCP and DNS server.
Would change the topology like you recommended, but will possibly end up with removing the original WAN connection and only keeping the new one.
Having 1 as the gateway would speed up the network in the house behind the wireless bridge, as the bridge bandwidth is higher than the old WAN.
Would set up a proper gateway on router 1 where one port would have a WAN address.
And keeping pfsense as the DNS would at least keep ad filtering alive, though will lose the firewall.
Wish we did not have chip shortages and I could get a second apu.
-
I believe the sg3100 are in stock ;)
-
@johnpoz I thought you might say something like that :P Was really planning to get another device like the one before, seems more cost efficient though does lack any support.
And the offer in the Netgate store is tempting. Will those devices be using the forked pfsense with the new gui and how are they typically supported with updates?
Does seem a shame that they only have dual cores and 2GB of ram.
-
@marekandreansky said in Adding secondary WAN to existing network without completely changing topology:
Does seem a shame that they only have dual cores and 2GB of ram.
Why - do you need a Ferrari to drive to the corner store, or will that Sonata work?
Do you really need more horse power than needed to pull the plow, or do you need 8 Clydesdales?
This is an appliance, this is going to really do 1 thing.. Well actually a few things, but it will do it well, it will do it for a long time, and it will use very little power doing it.
The appliance updates whenever a new version comes out - with the appliance you get pfsense+, it just used to be called FE vs CE..