Netgate Discussion Forum

    Dual WAN strange behaviour after changing default LAN rule to gateway group

    Routing and Multi WAN
      andre.paiz

      Hi everybody. I'm having some trouble setting up a multi-WAN environment.

      Here is my network:

      Virtualized pfSense 2.3-RELEASE inside VMware ESXi

      WAN: Primary connection (static IP)
      WAN2: Secondary connection (static IP)

      LAN: Private IP network with NAT on WAN interfaces for internet connection.

      I have configured the following:

      1. Default gateway on both WAN and WAN2

      2. Created a gateway group where WAN is Tier 1, WAN2 is Tier 2 and failover method is Link Down

      3. Configured 4.2.2.1 as the monitor IP for WAN and 4.2.2.2 for WAN2. I can see in the routing table that the system has created a static route for each of these IPs, and traceroute is working as expected

      4. Configured inbound rules for WAN and WAN2

      5. Configured NAT Rules for my private network range to perform NAT when going outside via WAN and WAN2

      6. Configured the default LAN rule advanced settings to specify the GatewayGroup as gateway.

      And that's where the problem begins. After item 6, my network is suffering small drops. E.g. when I connect from the internet to an inside IP (with NAT redirection) via Microsoft RDP, the connection drops and reconnects again within 1 or 2 seconds. So it stays on, and after 2 or 3 minutes it drops and reconnects again.
      After a lot of testing, I discovered that after removing the advanced gateway group setting from the default LAN rule, the connection becomes stable again.

      I tried to create a default all-to-all floating rule just for testing, and it all stays the same. Also I have noticed that in the gateway status, the secondary link always displays "high latency" and sometimes "offline" status. And that is not true, because I can test it anytime, even from the pfSense shell.
      Everything else is working fine, internet connection, NAT, port redirection…

      Is there something missing? Can someone give me a hand?
      Thank you.

        heper

        @andre.paiz:

        Hi everybody. I'm having some trouble setting up a multi-WAN environment.

        Here is my network:

        Virtualized pfSense 2.3-RELEASE inside VMware ESXi

        start by updating to the latest stable

        @andre.paiz:

        WAN: Primary connection (static IP)
        WAN2: Secondary connection (static IP)

        please specify the subnets involved… are your wan addresses/subnets using the same gateway ?

        @andre.paiz:

        4. Configured inbound rules for WAN and WAN2

        please post screenshots of those rules

        @andre.paiz:

        5. Configured NAT Rules for my private network range to perform NAT when going outside via WAN and WAN2

        this should be handled automagically by default. why/what did you change from the default settings ? (screenshots would be helpful)

        @andre.paiz:

        And that's where the problem begins. After item 6, my network is suffering small drops. E.g. when I connect from the internet to an inside IP (with NAT redirection) via Microsoft RDP, the connection drops and reconnects again within 1 or 2 seconds. So it stays on, and after 2 or 3 minutes it drops and reconnects again.
        After a lot of testing, I discovered that after removing the advanced gateway group setting from the default LAN rule, the connection becomes stable again.

        I tried to create a default all-to-all floating rule just for testing, and it all stays the same. Also I have noticed that in the gateway status, the secondary link always displays "high latency" and sometimes "offline" status. And that is not true, because I can test it anytime, even from the pfSense shell.
        Everything else is working fine, internet connection, NAT, port redirection…

        Is there something missing? Can someone give me a hand?
        Thank you.

        Looks like an asymmetric routing issue to me (RDP going in on WAN1, trying to leave on WAN2). Not enough info to tell you why: see points above

        enjoy =)

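The asymmetric-routing suspicion raised in the reply above can be checked from the pfSense shell rather than guessed at. In a pfSense multi-WAN setup, rules on a WAN interface normally carry a pf `reply-to (iface gateway)` so that replies to a connection that arrived on that WAN (the inbound RDP session here) go back out the same WAN, independently of whatever gateway group policy-routes the LAN rule. The script below is an added example, not code from this thread or from the pfSense project; it runs `awk` over a constructed sample in the shape of `pfctl -sr` output and lists the inbound pass rules on a given WAN interface that have no `reply-to`. Interface names (`em0`, `em1`, `em2`), gateway addresses, the RDP host and the rule labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from this thread: list inbound pass rules on a WAN
# interface that carry no pf reply-to. In a pfSense multi-WAN setup the rules
# on a WAN interface normally carry "reply-to (iface gateway)" so that replies
# to a connection that arrived on that WAN leave by the same WAN, regardless
# of the gateway group that policy-routes the LAN rule.
#
# RULES is a constructed sample in the shape of "pfctl -sr" output; interface
# names, gateways, the RDP host and labels are hypothetical. On a real box use:
# RULES=$(pfctl -sr)
RULES='pass in quick on em0 reply-to (em0 186.209.7.1) inet proto tcp from any to 192.168.0.10 port = 3389 flags S/SA keep state label "USER_RULE: NAT RDP via WAN"
pass in quick on em1 inet proto tcp from any to 192.168.0.10 port = 3389 flags S/SA keep state label "USER_RULE: NAT RDP via WAN2"
pass in quick on em2 route-to (em0 186.209.7.1) inet from 192.168.0.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any"'

# missing_reply_to NETIF
# Prints the label of every "pass in" rule on NETIF that has no reply-to,
# one per line; prints nothing when all inbound rules on NETIF carry one.
missing_reply_to() {
    printf '%s\n' "$RULES" | awk -v ifc="$1" '
        $1 == "pass" && $2 == "in" && $0 ~ ("on " ifc " ") && $0 !~ /reply-to/ {
            # keep only the text between the quotes after "label"
            if (match($0, /label "[^"]*"/))
                print substr($0, RSTART + 7, RLENGTH - 8)
            else
                print $0
        }'
}

# Usage: one call per WAN interface. Any line printed is a rule whose reply
# traffic may be policy-routed out the other WAN instead of returning the way
# it came in.
echo "WAN  (em0):"; missing_reply_to em0
echo "WAN2 (em1):"; missing_reply_to em1
```

With the constructed sample, the WAN rule is fine and the WAN2 rule is reported, because it lacks `reply-to`. On a live system the same check runs over `pfctl -sr`, and a listed rule is the place to look before touching the LAN rule's gateway setting.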
          andre.paiz

          Here we go:

          Different gateways for each WAN connection

          Subnets:
          192.168.0.0/24 = LAN
          186.209.7.0/24 = WAN (NAT)
          192.168.10.0/24 = WAN2 (I'm performing NAT for this connection because this subnet is provided by my ISP, although it is a private network)

          Inbound rules: most are rules created to perform NAT redirection (screenshot below; they are all very similar, so only a partial image is shown)

          NAT Rules (screenshot below)

          If something else is needed, please let me know.


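The gateway status complaint from the first post ("high latency" and "offline" on the secondary link while the link itself answers) is worth checking against the routing table described in item 3 there: pfSense installs a host route for each monitor IP through the gateway it belongs to, so that the monitoring probes for WAN2 really leave on WAN2. If that host route is missing or points at the other WAN, the status shown for a gateway reflects the wrong link. The script below is an added example, not code from this thread or from pfSense; it checks a constructed `netstat -rn` style table for a host route per monitor IP and compares gateway and interface with what is expected. The interface names (`em0`, `em1`, `em2`) and the gateway addresses `186.209.7.1` and `192.168.10.1` are hypothetical, chosen from the subnets posted above; the monitor IPs are the ones from the first post.

```shell
#!/bin/sh
# Added example, not from this thread: check that each gateway monitor IP has
# its own host route through the gateway it is meant to monitor. pfSense
# installs such a route so that the monitoring probes leave on the right WAN;
# if the route is missing or points at the other WAN, the gateway status shown
# for that WAN reflects the wrong link.
#
# ROUTES is a constructed netstat -rn style table. Interface names and gateway
# addresses are hypothetical; on a real box use: ROUTES=$(netstat -rn -f inet)
ROUTES='Destination        Gateway            Flags     Netif Expire
default            186.209.7.1        UGS         em0
4.2.2.1            186.209.7.1        UGHS        em0
4.2.2.2            192.168.10.1       UGHS        em1
186.209.7.0/24     link#1             U           em0
192.168.0.0/24     link#3             U           em2
192.168.10.0/24    link#2             U           em1'

# check_monitor MONITOR_IP EXPECTED_GATEWAY EXPECTED_NETIF
# Prints one line describing the result; returns 0 if a host route exists and
# matches the expected gateway and interface, 1 otherwise.
check_monitor() {
    mon=$1; want_gw=$2; want_if=$3
    # first routing entry whose destination is exactly the monitor IP
    entry=$(printf '%s\n' "$ROUTES" | awk -v m="$mon" '$1 == m { print; exit }')
    if [ -z "$entry" ]; then
        echo "$mon: no host route (probes would follow the default route)"
        return 1
    fi
    set -- $entry            # split into Destination Gateway Flags Netif
    have_gw=$2; flags=$3; have_if=$4
    case $flags in
        *H*) ;;              # H = host route, as expected for a monitor IP
        *)   echo "$mon: route is not a host route (flags $flags)"; return 1 ;;
    esac
    if [ "$have_gw" != "$want_gw" ]; then
        echo "$mon: routed via $have_gw, expected $want_gw"
        return 1
    fi
    if [ "$have_if" != "$want_if" ]; then
        echo "$mon: leaves on $have_if, expected $want_if"
        return 1
    fi
    echo "$mon: ok via $want_gw on $want_if"
    return 0
}

# Usage: one call per gateway, with the monitor IPs from the thread
# (WAN monitors 4.2.2.1, WAN2 monitors 4.2.2.2)
check_monitor 4.2.2.1 186.209.7.1 em0
check_monitor 4.2.2.2 192.168.10.1 em1
```

A non-zero return from `check_monitor` for the WAN2 monitor IP would mean the probes behind the gateway status never actually test WAN2, which makes a "high latency" or "offline" reading for a link that answers manually unsurprising; a zero return rules that explanation out and points back at the rules themselves.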
            andre.paiz

            Hi, is there someone who can help me, please?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.