pfSense 2.5.1 multi-WAN routing trouble

theone · May 24, 2021, 8:53 PM

@sschueller Hail Bro... I've solve this issue installing the 2.6 (experimental version). In my case, I've been installed the update of FreeRadius, and all WANS become to works perfect as ussualy. G. Luck !

4o4rh · May 30, 2021, 8:16 AM

So, I bit the bullet and upgraded to 2.60 dev. It was causing too many issues. So far so good.

edit * I can confirm after a few days, all my post 2.5.1 issues are resolved, and I am back to where I was with 2.5.0. As much as I am appreciative of the efforts by all the developers and netgate for making the software available as open source (although I note it is also in their interests), it is unfathomable that an emergency release was not made to fix this, given the severity of the issue. I am just a simple home user with some redundant wan and vpn connections. I can't imagine the impact on an actual small business user. Even youtube videos were stuttering and repeating portions after the 2.5.1 upgrade, but that has all been resolved.

vjizzle · May 30, 2021, 9:24 AM

So Netgate made the decision to release 2.5.2. But first there will be a pfsense+ release and then after some weeks the pfsense ce release. This sadly confirms that pfsense CE users are treated like second-class citizens. But I am glad they are listening to the community and putting in effort for 2.5.2, although they should have figured this out themselves immediately as it happened.

Anyone test the 2.5.2 snapshot releases yet?

peterzy · May 30, 2021, 9:40 AM

https://redmine.pfsense.org/issues/11805 - I see they change the plans for fix it for 2.5.2 - great, finally something positive. But looks like it is still not fixed, so no point to test 2.5.2 at this point of time.

vjizzle · May 31, 2021, 2:38 PM

Maybe this is not the exact place but I know a lot of you guys are struggling with this particular bug and looking for alternatives and so am I. pfSense CE being a second-class citizen now I started looking into alternatives. Previously I did test multi-wan with opnsense and due to my limited knowledge I did not manage to get it to work.

The past week I saw the YouTube video from Lawrence systems and with renewed inspiration I setup opnsense again in my testlab. I can confirm that I have multi-wan port forwarding running stable using openvpn clients configured in a gateway group. I missed something in my first try but so far opnsense is looking promising as an alternative.

I still hope to see concrete actions from Netgate so I am not making the switch just yet, but it is good to know that there are options :).

4o4rh · May 31, 2021, 3:02 PM

@vjizzle why don't you simply update to 2.6 dev and freeze with the current snapshot. It is ok for me.

JeGr · May 31, 2021, 4:17 PM

@peterzy said in pfSense 2.5.1 multi-WAN routing trouble:

https://redmine.pfsense.org/issues/11805 - I see they change the plans for fix it for 2.5.2 - great, finally something positive. But looks like it is still not fixed, so no point to test 2.5.2 at this point of time.

I'd test 2.5.2 if you have a test system available. My preliminary tests show simple forwardings on both WAN Interfaces working fine with 2.5.2 beta:

Just a simple quick testing with forwardings port 80 on two different WANs from different providers to an interhal HTTP server and it shows its test page on both IPs without a hitch.

vjizzle · May 31, 2021, 6:20 PM

@gwaitsi Hi! I understand why you do that…fed up with Netgate . For me the development release of pfsense cannot be run in production. It’s like still building the car while we are already driving 100 mph on the freeway.

I am running on 2.4.5 p1 which is the last release you can take seriously from Netgate, given the whole 2.5 fiasco and the way they approached that. So for now I am waiting for their next move and then I will decide where to go. I think a lot of people are doing the same and also went back to 2.4.5 p1. The only thing missing from 2.4.5 p1 for me is the latest version of pfblockerng. But I setup AdGuard Home for that and completely happy with that decision.

So the only thing keeping me here is hope….hope that Netgate will deliver on their promise because I still love pfsense. I just hate what Netgate has done with such an amazing piece of software it in these last few months . My hope is I can upgrade to pfsense+ with my own hardware for a reasonable fee.

JeGr · Jun 1, 2021, 10:25 AM

@vjizzle said in pfSense 2.5.1 multi-WAN routing trouble:

@gwaitsi Hi! I understand why you do that…fed up with Netgate . For me the development release of pfsense cannot be run in production. It’s like still building the car while we are already driving 100 mph on the freeway.

Again: just check the new Beta release of the upcoming 2.5.2. If you don't have test equipment or a VM and don't want to run beta/dev releases (can understand that perfectly) then just read my comment above or have a look here: -> https://forum.netgate.com/topic/164098/2-5-2-beta-test-f%C3%BCr-multiwan-problem/7
It's german but you get it from the screens and logs. MultiWAN seems up and running again.

So yeah, seems it's pretty much taken care of and will be coming soon after the plus release.

vjizzle · Jun 1, 2021, 12:07 PM

@jegr Hi! I put some time apart to setup pfSense 2.5.2 BETA on my homelab in a VM. I can confirm that Multi-WAN with OpenVPN port forwarding is working!

So this is great news and I hope we can see more and more bugs fixed in upcoming snapshots. I have a couple of remarks about things not working but I will post them in the development forum. I am glad to help :)

tleiras · Jun 10, 2021, 6:05 PM

Hi All.

Sorry for my English. It's not my native language.

I'm passing with the same problem using OpenVPN and Multi Wan using the same server port on TCP connection for any interface.

I did a work around that have worked to me.

Follow what I did:

I've created a new server entry using UDP4 using the same cert, only changing Tunnel Network.
On this new connection, I've set a Carp IP of whe Second Wan interface.

This is my new setup:

On service 1, I have a TCP listening on 2301 port with "Any" Interface.
On service 2, I have a UDP port 2302 with CARP "WAN2" Interface.

On the OpenVPN client, I've setup two ovpn files, one pointing to service 1 and other pointing to service 2 and my office users choose which they want to use.

I'm anxious to update my pfsense box to 2.5.2 ASAP. While Netgate doesn't release this version, I hope this work around works to you.

gnatbite · Oct 9, 2021, 7:21 AM

Hi folks,

I came across a very similar problem with a Netgate pfSense running version 21.05.01 and a Multi WAN setup [DSL as WAN1 (Tier1) and 4G router on Opt1 as WAN2 (Tier2)] using gateway groups for automatic failover.

Server side: CentOS7 with OpenVPN 2.4.11-1.el7
Client side: pfSense BSD with OpenVPN 2.5.2

The situation was as follows:

OpenVPN site-to-site connection was successfully established between server (CentOS) and client (pfSense)
ping FROM server TO pfsense worked fine
Once traffic was sent from pfsense to the server VPN, the connection immediately dropped, 100% reproducible

I played around with different compression settings and stuff but nothing really helped.

However, the final solution to reconfigure the OpenVPN from TCP to UDP.

Hope that helps someone in the future. :)