fixing wan ip for particular user in pfsense load balance



  • Hi,

    I have configured pfSense with dual WAN connections in load balancing. Is there any way we can fix the WAN connection for a particular user so that that user always has the same WAN IP?

    I am asking this because in multiple WAN load balancing, the WAN IP keeps changing from ISP 1 to ISP 2 and vice versa, so the banking website considers it suspicious and keeps logging me out.

    Regards,

    Ali



  • @zainali525 Well, I suppose you are having issues with all https sites, not just specific ones.
    Try enabling sticky connections and making the timeout rather big.
    If this won't help, then remove https from load balance and use it as failover.

    You can always put rules on a specific user not to load balance; however, the issue will propagate elsewhere.



  • @netblues said in fixing wan ip for particular user in pfsense load balance:

    making timeout rather big.

    Thanks for the reply @netblues. I'm thinking I should make a firewall rule for that particular user and, instead of using the gateway group, just bind it to one WAN ISP, because only one user is complaining about this issue. What do you suggest?



  • @zainali525 Others will probably complain sooner or later.



  • For load balancing you have a gateway group with two WANs at the same tier, right? Make another group for failover and then create a rule for HTTP and HTTPS traffic with this group as gateway :)
    I have a 4 WAN setup and had the same problem before, mostly with crypto exchange sites like Poloniex, and now I have a firewall rule for HTTP and HTTPS for the whole network, not just a particular IP, and it works :)



  • @kartoff If you also exclude http traffic from load balancing, then there isn't much to load balance.
    https has issues with the TLS mechanism and IPs changing.
    http is much more forgiving.
    Enable sticky connections, put 1800 (sec) as the timeout and you should be OK.
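
The sticky-connection advice in this thread, as a simplified model added here (not code from any poster or from pfSense): new connections are spread round-robin over a same-tier gateway group, and a per-source tracking entry with a timeout pins a client to one WAN. Class and function names, addresses and traffic are constructed for illustration; real pf counts the timeout from the expiry of the source's last state, while this model treats connections as instantaneous.

```python
from itertools import cycle


class GatewayGroup:
    """Toy model of a load-balancing gateway group (assumption, not pf code)."""

    def __init__(self, gateways, sticky_timeout=0):
        self._next = cycle(gateways)          # round-robin over same-tier WANs
        self.sticky_timeout = sticky_timeout  # seconds; 0 disables sticky
        self._track = {}                      # source IP -> (gateway, expiry)

    def route(self, src, now):
        """Return the WAN used for a new connection from src at time now."""
        entry = self._track.get(src)
        if self.sticky_timeout and entry and now < entry[1]:
            gw = entry[0]                     # tracking entry still valid
        else:
            gw = next(self._next)             # no entry or expired: rebalance
        if self.sticky_timeout:
            # Each new connection refreshes the tracking entry.
            self._track[src] = (gw, now + self.sticky_timeout)
        return gw


def wans_seen(group, events):
    """events: list of (time_sec, src). Returns {src: [gateway, ...]}."""
    seen = {}
    for now, src in events:
        seen.setdefault(src, []).append(group.route(src, now))
    return seen


# Constructed traffic: .50 is the banking user, .60 and .70 are other clients.
EVENTS = [
    (0, "192.168.1.50"), (5, "192.168.1.60"), (10, "192.168.1.50"),
    (600, "192.168.1.50"), (620, "192.168.1.60"), (1500, "192.168.1.50"),
    (2000, "192.168.1.70"), (4000, "192.168.1.50"),
]

if __name__ == "__main__":
    for label, timeout in (("no sticky", 0), ("sticky 1800s", 1800)):
        result = wans_seen(GatewayGroup(["WAN1", "WAN2"], timeout), EVENTS)
        print(label, result["192.168.1.50"])
```

With the 1800-second timeout the banking user stays on one WAN for as long as connections keep arriving within the timeout; after the 2500-second idle gap the entry has expired and the next connection can land on the other WAN.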