pfSense for second ISP, NOT multi-WAN

  • I'm trying to figure this out on my own, but it's been a week. Time for help. I'm in a two-building location, connected by fiber between the two. Main internet comes in at location one. Location two just got a new, smaller circuit (all Ethernet), mainly for failover when location one goes out. However, I'd also like to use it for DMZ and OpenVPN access. I've tried setting it up a bunch of ways, but each way I run into a different point where things don't work. I've tried routing from the pfSense LAN to a routed port on the building router; that works, but then the firewall rules get weird using static routes and alternate gateways. I've tried connecting the LAN via a layer 3 VLAN trunk with VLANs, but the internal pfSense VLANs get routed out the regular gateway on the main network. What would your suggestion be to keep it clean and troubleshootable?

    Hopefully this picture works.

  • The devices will always send their upstream traffic to their default gateway unless a specific route is set for the destination address.

    Best practice would be to put pfSense in the line between the two routers and set up a dual-WAN configuration: one WAN with higher priority is the location one router, the other is ISP2.

    If you don't want that, you can only use it for the upstream traffic of devices that have pfSense set as their default gateway, and for downstream traffic in combination with S-NAT on the internal interfaces.
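    The asymmetric-routing point in the reply above, as an added example that is not part of the thread: a DMZ host's routing table is modelled with longest-prefix matching, and the reply path of an inbound connection arriving via pfSense/ISP2 is checked with and without S-NAT on the pfSense LAN interface, and with a per-destination static route instead. The addresses and the toy routing tables are constructed assumptions, not the poster's setup.

```python
import ipaddress

# Constructed assumptions (not from the thread): building two's LAN is 10.2.0.0/24,
# the building router 10.2.0.1 is the hosts' default gateway (reaching ISP1 via
# location one), and pfSense sits on the same LAN as 10.2.0.2 with ISP2 on its WAN.
PFSENSE_LAN_IP = "10.2.0.2"
DMZ_HOST_ROUTES = [          # a DMZ host's routing table: (prefix, next hop)
    ("10.2.0.0/24", "direct"),
    ("0.0.0.0/0", "10.2.0.1"),
]

def lookup(table, dst):
    """Longest-prefix match: the most specific route wins, the default route last."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def reply_next_hop(client_ip, host_routes, snat):
    """Next hop a DMZ host uses to answer a connection that arrived via pfSense/ISP2.
    With outbound NAT on pfSense's LAN interface the host sees pfSense's LAN IP as
    the source; without it the host sees the real client address and consults its
    own routing table, which normally means its default gateway (and so ISP1)."""
    seen_source = PFSENSE_LAN_IP if snat else client_ip
    return lookup(host_routes, seen_source)

def reply_returns_via_pfsense(client_ip, host_routes, snat):
    """True when the reply reaches pfSense, i.e. the path is symmetric."""
    next_hop = reply_next_hop(client_ip, host_routes, snat)
    seen_source = PFSENSE_LAN_IP if snat else client_ip
    return next_hop == PFSENSE_LAN_IP or (next_hop == "direct" and seen_source == PFSENSE_LAN_IP)

if __name__ == "__main__":
    client = "203.0.113.10"   # constructed Internet client address
    print("no S-NAT     ->", reply_next_hop(client, DMZ_HOST_ROUTES, snat=False))
    print("with S-NAT   ->", reply_next_hop(client, DMZ_HOST_ROUTES, snat=True))
    # The other case the reply mentions: a specific route on the host for the client
    # prefix. It also works, but must be maintained for every remote prefix.
    with_static = [("203.0.113.0/24", PFSENSE_LAN_IP)] + DMZ_HOST_ROUTES
    print("static route ->", reply_next_hop(client, with_static, snat=False))
```

Without S-NAT the reply leaves via 10.2.0.1 and ISP1, so the connection through ISP2 never completes; with S-NAT (or a host static route pointing at pfSense) it returns to pfSense.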

  • Unfortunately, there is no way to put this in the middle of the WANs, as I do not have another pair of fiber between the building locations. I may just go with using it as a failover for location two.
