Multi Wan and wrong default gateway

  • Hello!
    I use the Multi-Wan configuration in my Pfsense 2.3.4 with two Wans (Wan1 and Wan2)
    I know the operating logic and Multi-Wan routing policy as specified in the manual:

    My problem is with Squid. I know I need to enable the configuration below so that it works properly with Multi-Wan

    using default gateway switching under System > Advanced on the Miscellaneous tab

    Besides my two Wan, I also have a VPN gateway.
    And in case of problems in my main link, sometimes the VPN gateway is erroneously set as the default gateway instead of the secondary link. Because Squid queries the Default Gateway for browsing, it attempts to navigate through the VPN.

    Has anyone managed to resolve this issue? Can I make Pfsense, in the case of a problem on my main link, not choose Default Gateway as my VPN gateway, but the gateway of my secondary link?

    Em portugues

    Utilizo a configuração Multi-Wan em meu Pfsense 2.3.4 com duas Wans (Wan1 e Wan2)
    Conheço a lógica de funcionamento e política de roteamento Multi-Wan conforme especificada no manual:

    Meu problema está no funcionamento do Squid. Sei que preciso habilitar a configuração abaixo para que ele funcione adequadamente com Multi-Wan

    using default gateway switching under System > Advanced on the Miscellaneous tab

    Além das minhas duas Wan, também tenho um gateway VPN.
    E em caso de problemas no meu link principal, algumas vezes, o gateway de VPN é erroneamente definido como gateway default ao invés do link secundário. Como o Squid consulta o Default Gateway para fazer a navegação ele tenta navegar pela VPN.

    Alguem conseguiu resolver esta questão? Posso fazer com que o Pfsense, no caso de problema no meu link principal, não escolha como Default Gateway meu gateway da VPN e sim o gateway de meu link secundário?

  • Hello,

    I have a similar problem :)
    Im using 3 WANs from 4G modems.. with a group gateway and rule in firewall LAN to use the balanced group. The problem it is that the round-robin
    is using 70% of the time the default gateway and at the end i have 50-70% more traffic on the default gateway.  The gateway switch it is enable, its doing the job. There a way to set pfsense to use as default the group ?

  • Since Squid only works with Default gateway, I understand that the solution comes from the way Pfsense switches the default gateway.

    In my case I have 3 gateways
    Wan1 (Default Gateway)

    Does anyone know, what does Pfsense look for to change the default gateway when selecting the "Enable default gateway switching" option?

    –- Em português ---
    Como o Squid apenas trabalha com Default gateway, entendo que a solução venha do modo como o Pfsense troca o gateway padrão.

    No meu caso tenho 3 gateways
    Wan1 (Default Gateway)

    Alguém sabe, o que o Pfsense leva em consideração para a troca do default gateway ao selecionar a opção "Enable default gateway switching"?

  • I think i know the answer : ) Please put me 10 in the catalog :D
    Someone it can correct me if im wrong. The pfsense ( hard coded software ) it looks at default gateway to be online, if dpinger is reporting that the gateway is offline " enable switch default gateway " take  the action and is changing the gateway to the next availabe one.

  • And is there an option to change the order of the next available gateway?

  • Did you solved this? I have exactly same problem, when ISP1 is offline, pfsense chage default gateway to my VPN gateway, instead of ISP2.
    I'm using gateway group for ISP1 anda ISP2.

  • Hello, in my case I was able to solve it like this:
    I noticed that I did not need the VPN gateway, so I enabled gateway monitoring and also enabled it to always be off. So the VPN gateway in my case and to the present moment was not identified as default gateway

    Olá, no meu caso consegui resolver do seguinte modo:
    Notei que eu não precisava do gateway da VPN, então habilitei o monitoramento do gateway e também habilitei para ficar sempre off. Assim o gateway da VPN no meu caso e até o presente momento não foi identificado como default gateway

Log in to reply