Dual WAN strange behaviour after changing default LAN rule to gateway group



  • Hi everybody. I'm having some trouble setting up a multi-WAN environment.

    Here is my network:

    Virtualized pfSense 2.3-RELEASE inside VMware ESXi

    WAN: Primary connection (static IP)
    WAN2: Secondary connection (static IP)

    LAN: Private IP network with NAT on WAN interfaces for internet connection.

    I have configured the following:

    1. Default gateway on both WAN and WAN2

    2. Created a gateway group where WAN is Tier 1, WAN2 is Tier 2 and failover method is Link Down

    3. Configured 4.2.2.1 as the monitor IP for WAN and 4.2.2.2 for WAN2. I can see in the routing table that the system has created a static route for each one of these IPs, and traceroute is working as expected

    4. Configured inbound rules for WAN and WAN2

    5. Configured NAT Rules for my private network range to perform NAT when going outside via WAN and WAN2

    6. Configured the default LAN rule advanced settings to specify the GatewayGroup as gateway.

    And that's where the problem begins. After item 6, my network is suffering small falls. E.g. when I connect from the internet to an inside IP (with NAT redirection) via Microsoft RDP, the connection falls and reconnects again within 1 or 2 seconds. So it stays on, and after 2 or 3 minutes, it falls again and reconnects.
    After a lot of testing, I discovered that after removing the advanced gatewaygroup settings from the default LAN rule, the connection becomes stable again.

    I tried to create a default all to all floating rule just for testing, and it all stays the same. Also I have noticed that inside the gateway status, the secondary link always displays "high latency" and sometimes "offline" status. And that is not true, because I can test it anytime, even inside pfsense shell.
    Everything else is working fine, internet connection, NAT, port redirection…

    Is there something missing? Can someone give me a hand?
    Thank you.



  • @andre.paiz:

    Hi everybody. I'm having some trouble setting up a multi-WAN environment.

    Here is my network:

    Virtualized pfSense 2.3-RELEASE inside VMware ESXi

    start by updating to the latest stable

    @andre.paiz:

    WAN: Primary connection (static IP)
    WAN2: Secondary connection (static IP)

    please specify the subnets involved… are your wan addresses/subnets using the same gateway?

    @andre.paiz:

    4. Configured inbound rules for WAN and WAN2

    please post screenshots of those rules

    @andre.paiz:

    5. Configured NAT Rules for my private network range to perform NAT when going outside via WAN and WAN2

    this should be handled automagically by default. why/what did you change from the default settings? (screenshots would be helpful)

    @andre.paiz:

    And that's where the problem begins. After item 6, my network is suffering small falls. E.g. when I connect from the internet to an inside IP (with NAT redirection) via Microsoft RDP, the connection falls and reconnects again within 1 or 2 seconds. So it stays on, and after 2 or 3 minutes, it falls again and reconnects.
    After a lot of testing, I discovered that after removing the advanced gatewaygroup settings from the default LAN rule, the connection becomes stable again.

    I tried to create a default all to all floating rule just for testing, and it all stays the same. Also I have noticed that inside the gateway status, the secondary link always displays "high latency" and sometimes "offline" status. And that is not true, because I can test it anytime, even inside pfsense shell.
    Everything else is working fine, internet connection, NAT, port redirection…

    Is there something missing? Can someone give me a hand?
    Thank you.

    Looks like an asymmetric routing issue to me (RDP going in on WAN1, trying to leave on WAN2). Not enough info to tell you why: see points above

    enjoy =)



  • Here we go:

    Different gateways for each WAN connection

    Subnets:
    192.168.0.0/24 = LAN
    186.209.7.0/24 = WAN (NAT)
    192.168.10.0/24 = WAN2 (I'm performing NAT for this connection because this subnet is provided by my ISP, although it is a private network)

    Inbound Rules: these are mostly rules created to perform NAT redirection (screenshot below. They are almost identical, so there's only a partial image)

    NAT Rules (screenshot below)

    If something else is needed, please let me know.






  • Hi, is there someone who can help me, please?

