MultiWAN with Load Balance and VoIP

  • Hi folks,

    I have a setup for one client with 2 ISPs (one cable, other ADSL), and I utilize them for failover and load balance.

    Load balance and failover is working great. We also setup a Asterisk box now with voip service (voip provider for the phone lines).

    I constantly loose the registration to the voip provider. It will registered within 60secs again, however, if somebody calls within these 60secs, they get "a not connected number" message … not good.
    I think that the load balance is killing the registration to the voip provider, I have no other evidence, that anything else is wrong.

    I want to keep the load balance, if possible, however, I also know, that in the firewall rules, I can setup a rule that will force the IAX2 port to use one gateway only, instead of the default. If I do that, I will loose the failover function for that rule (thats how I uderstand it at least ...).

    How can I set it up, so that I can keep the load balance for the rest of the network (except voip), but still get failover, in case the ISP that I use for the voip goes down.

    Any constructive suggestions highly welcome.

    Thank you all.


  • Hi,

    I think I figured it out. Just to get confirmation (or not) or it may help somebody else, I will paste my solution.

    I have 2 ISPs, WAN1 and WAN2.

    I also have 3 gateway groups with WAN1 and WAN2 setup.

    Gateway Group 'Loadbalance' has WAN1 and WAN2 both as 'Tier 1'.
    Gateway Group 'Failover WAN1 to WAN2' has WAN1 as 'Tier 1' and WAN2 as 'Tier 5'
    Gateway Group 'Failover WAN2 to WAN1' has WAN1 as 'Tier 5' and WAN2 as 'Tier 1'

    Before the change, the voip traffic was using the LoadBalance Gateway. That could switch back and forth making asterisk go crazy and loose the registration to the voip provider.

    I added 2 rules, first one was taking all the traffic from the PBX directed to the voip provider and using the 'Failover WAN1 to WAN2' gateway group.
    Rule 2 was the same as rule one, just using the 'Failover WAN2 to WAN1' gateway group.

    The result is (or at least intended) that the PBX would always use only one gateway (Tier 1 of that particular rule) when the connection is good. If the connection is lost, it will jump to the next rule.

    I hope this will work.

    If the pros here could validate (or not), that would be great.

    Thanks a lot!



  • I do not think that will work as the rules are processed top to bottom.  Have you tested this?  I too am having the same problem and have posted a job on up work for a custom script that would take care of this for failback.  What it sounds like to me is when the traffic tries to fail back the coup traffic does not because the states are not terminated.

  • Hi,

    I just spend a hour testing this, and you are right, it is not working. The state does not get reset, despite having the checkbox checked in Advanced > Misc > Gateway Monitor > Reset State on Gateway down.

    Gateway is down, but the states stay there and dont change. When resetting the states manually, than it will select the fallback gateway and work fine. However, it does not do it automatically.

    So my question is, what is the point of having a check mark but the firewall not behaving the way it should?
    It seems to be working fine with "normal" traffic? DISCLAIMER: I am not on site, and was testing everything remotely, so I cannot pull the plug and see what happens …

    I have pfsense 2.3.1 installed and am using IAX2 on prot 4569.

    Can anybody shed some light onto why the the states do not get reset when the default (or non-default) gateway(s) are down?

    Looks like a bug, existed in 2.1 as well.


  • I had a script created.  It needs to be saved to pfSense and crib job created using package cron

    I have yet to test

  • Could you simply put a not !PBX as the source IP in the LoadBalance rule? Then whenever a PBX packet hits the Lan, it will not match the LoadBalance rule but instead skip to the next fail-over rule below.

  • That is what I did now. I disabled the LoadBalance for now, and created a separate rule only for the PBX traffic and excluded PBX traffic from all other rules.

    However, the failover still does not work. Pfsense does not kill the state when the gateway fails. This is my biggest problem!


  • Good to know ahead of time fail-over doesn't work as that was my next planned rule add. I'm surprised something this important has been missed and also was a problem in 2.1

  • I have done a lot of reading in regards to this issue, and pre-2.3 apinger was terrible and was often the issue.

    However, I had some pre-2.3 boxes working with failover, but there was no voip traffic on these boxes.

    This issue seems to be just for voip traffic. I have not been on site to do some more on depth testing. pfsense does not recognise that a gateway is down and does not switch. I can watch the state for voip traffic just sitting there and not changing. If I delete them manually, than it will failover to the second WAN connection but does not work automatically.

Log in to reply