Netgate Discussion Forum

    PfSense noob & multi wan

      activated1

      Hi all, I recently built a pfSense box. As I mentioned in the subject, I have a multi-WAN setup; that part of the configuration wasn't a problem.

      My current setup is:

      WAN 1 is connected to my ISP (it's on the 192.168.3.0 range until I find a way to bridge the modem)

      WAN 2 is an AP in client mode connected to a free WiFi zone nearby (192.168.5.0 range). It's slow as hell, and its main purpose is to serve as backup if everything else fails

      WAN 3 is a link to my friend (192.168.0.0). He is my main backup; if my ADSL fails, he is on cable so I can fall back to that

      LAN is on the 192.168.1.0 range and all my clients are connected to that interface

      Now there are two things I want. I have a decent movie collection on my computer that is connected to the LAN, and I would like to share that with my friend on WAN3. Is there a way to set that up?

      And it would be perfect if I could somehow set it up so that when my friend's internet fails he can still get access from me.

      Equipment-wise, besides the pfSense box, I have a Ubiquiti AirGrid5 on my roof and a TP-Link TL-WA7510N at my friend's.

      Suggestions and ideas are very, very welcome :)

        heper

        You just need to set up some static routes pointing towards the friend's LAN subnet. Your friend needs to do the same for your LAN subnet.

        Both LAN subnets can't be identical.

          activated1

          Thanks, will try to fiddle with static routes :)

            activated1

            Ok, the static routes method didn't pan out for me, but I'm sure I messed up something.

            So I went in another direction: I set up an L2TP VPN on WAN3, and when my friend connects to the VPN he gets internet access from me. So I have one part of the problem solved, but I cannot get computers on the WAN3 to access computers on the LAN.

            Is there a way to set this up just on my side, so I don't have to mess around with my friend's modem?

              activated1

              Anybody? :)

                KOM

                Static routing is the best way to go so perhaps you should debug that.  All you need is his network, subnet and WAN IP.  Can you describe this WAN3 link you have to him in more detail?

                  activated1

                  Ok, OPT2 or now WAN3 is linked to my friend's cable modem/router. He is on the 192.168.0.0 subnet, and I get an address assigned by his modem for WAN3. I get access to his internet connection & I can ping/access devices on his network from my computer (which is connected to the LAN and is on the 192.168.1.0 subnet). He, on the other hand, can't access anything on my side.

                    KOM

                    What firewall rules do you have on the OPT3 interface?  They don't get any by default, so he won't be able to come into your network unless you allow it.

                      activated1

                      Oh I have changed rules several times :D

                      This is the current state of affairs :)

                        KOM

                        The first rule is fine but you can fine-tune it later on since it allows all access inbound.  For him to get access to your network, his end would have to be aware of it.  If his config has no idea about your network then all his traffic is going to go out his default gateway.  He needs to add your WAN3 IP as another gateway and then add a static route so that his router knows to send traffic for your network to your WAN3.

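The two conditions from KOM's replies above (a new interface has no firewall rules by default, and the friend's router needs a static route for the 192.168.1.0 LAN), modelled as an added example that is not part of the original thread. The /24 masks, host addresses, pfSense's WAN3 address and the `isp-gateway` label are assumptions, since the thread gives only the ranges; the scoped pass rule is one possible tightening of the allow-all rule KOM mentions.

```python
import ipaddress

# Constructed addressing: the thread gives only the "ranges", so the /24 masks,
# host addresses and pfSense's WAN3 address below are assumptions.
FRIEND_LAN = ipaddress.ip_network("192.168.0.0/24")
MY_LAN = ipaddress.ip_network("192.168.1.0/24")
PFSENSE_WAN3 = "192.168.0.50"   # hypothetical address assigned by the friend's modem
ISP_GATEWAY = "isp-gateway"     # stands in for the friend's upstream default gateway


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def wan3_allows(rules, src, dst):
    """Top-down, first match wins; implicit deny when no rule matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action == "pass"
    return False


def reachable(routes, rules, src, dst):
    """True only if the friend's router forwards to pfSense AND WAN3 passes it."""
    return next_hop(routes, dst) == PFSENSE_WAN3 and wan3_allows(rules, src, dst)


# Friend's router before and after adding the static route for my LAN.
ROUTES_BEFORE = [(FRIEND_LAN, "on-link"), (ipaddress.ip_network("0.0.0.0/0"), ISP_GATEWAY)]
ROUTES_AFTER = ROUTES_BEFORE + [(MY_LAN, PFSENSE_WAN3)]

# WAN3 rule sets: none (the default) versus a pass rule scoped to the two LANs.
RULES_NONE = []
RULES_SCOPED = [("pass", FRIEND_LAN, MY_LAN)]

if __name__ == "__main__":
    src, dst = "192.168.0.20", "192.168.1.10"   # constructed hosts
    for r_name, routes in (("no static route", ROUTES_BEFORE), ("static route", ROUTES_AFTER)):
        for f_name, rules in (("no WAN3 rule", RULES_NONE), ("scoped pass rule", RULES_SCOPED)):
            print(f"{r_name} + {f_name}: next hop {next_hop(routes, dst)}, "
                  f"reachable={reachable(routes, rules, src, dst)}")
```

Only the combination of the static route on the friend's side and a pass rule on WAN3 reports the LAN host as reachable; either one alone does not.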
                          activated1

                          If I understood you, he has to set two gateways, and the static route has to be set on his router?

                            activated1

                            So I decided to test this out locally. I have a spare router, on which I set a static route, and a PC on the WAN3 which now has two gateways, and it doesn't work. I can't ping anything on the LAN side.

                              activated1

                              Any ideas? What am I doing wrong  ???

                                activated1

                                I'm open to step-by-step instructions :D
