Guide on how to setup Dual Wan on pfsnse 2.4.4?

jason001

Good day can someone please explain how to setup a working fail-over for pfSense
2.4.4? i did try a online video steps but doesn't seem to work. if Wan1 gateway goes down then Wan2 gateway is up. i could only ping sites such as google Facebook and so on.. but couldn't load the webpage??
Is there any guide for version 2.4.4? one that actually works?

stephenw10

The doc here should still be fine:
https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html

The only thing that has changed recently is that you can now set a failover group as the default gateway which means the DNS requirement no longer holds. But doing exactly as the guide outlines still works fine.

Steve

techrama

please check this source which might help you how to set up dual wan on pfsnse 2..4.4
https://www.cyberciti.biz/faq/howto-configure-dual-wan-load-balance-failover-pfsense-router/

stephenw10

That guide was written before the default gateway changes and misses the DNS settings:
https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html#dns-considerations

Without setting either the default gateway as a failover group or assigning DNS servers to each WAN and using forwarding mode there will be no DNS is the primary WAN fails.

Steve

jason001

All these guides didn't help at all. still having the same issue.
all configured.. the fail over works but can only ping websites but doesn't load pages!

also iv tried to set defGW to Wan2 then my second router interface isnt working. 4g interface not working.png

but if i change lan rule defGW back to "default" then my router interface works.
4g router.png
if i goto: interface/routing and set defGW to wan2 i can also ping websites but AGAIN CANT ACCESS the webpage. wan2 ping but no page load 2.png wan2 ping but no page load.png

Im using a ADSL FritzBox for wan1 and 4G Huawei Router for Wan2.

stephenw10

So DNS works then, it looks like google.com is resolving.

If ping works but TCP doesn't it's either an asymmetric routing issue or packet size.

Try pinging with larger packet sizes.

Try using the test port fucntion in pfSense (Diag) to open a tcp connection using the WAN2 source IP.

Have you actually confirmed your WAN connection is working?

Steve

jason001

@stephenw10

Yes my WAN1 works fine 100% My WAN2 works 100%.
At moment im using WAN1 iv tested WAN2 directly connecting to the WIFI aslo LAN on switch.. Its something in PFSENSE..

stephenw10

Ok, so like I said, try large ping packets, try test port over WAN2.

What is the result? If it fails, what is the error?

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

.
Try using the test port fucntion in pfSense (Diag) to open a tcp connection using the WAN2 source IP

Iv tested all just say "successful"

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Ok, so like I said, try large ping packets, try test port over WAN2.

What is the result? If it fails, what is the error?

Doesn't seem to give error.. just (successful) ping works.., iv tried larger ping (also work) tried test port says: successful

stephenw10

Ok. Are you using a failover group as the default gateway? If so can you test port out without setting a source when WAN1 is down?

We are probably going to need to see some screenshots of your config to diagnose this.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Ok. Are you using a failover group as the default gateway? If so can you test port out without setting a source when WAN1 is down?

i wanted to setup a failover group but since this error i deleted it..
but il setup again and post screenshot

jason001

This is the config i used:

gateway group failover config FailOver Config.png FailOver Auto.png

Lan rule: Lan Rule.png
Advance Tab.png

gateway:

lan detail: lan detail.png

wan1 detail: wan1 detail.png

wan2 detail: wan2 detail.png

stephenw10

Your LAN firewall rule with the failover gateway needs to be above the default allow any rule. Right now no traffic is hitting it.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

Your LAN firewall rule with the failover gateway needs to be above the default allow any rule. Right now no traffic is hitting it.
I Know..
1: If move it to the top and wan1 disconnect/fail i don't have internet.

2: Also if i move it i cant access my router

4g interface not working.png

but if i move rule down.
4g router.png

and i have ping even if wan1 is plugged out! running only on router wan2.

wan2 ping but no page load 2.png

But again cant load pages.
wan2 ping but no page load.png

stephenw10

If that's the WAN2 router then you will need another rule above that with just that destination with no gateway set so you can access it.

Without that rule above the default pass rule your traffic only ever uses the default route which looks like it's via WAN1. It needs to be there for failover to work.

However it looks like you have a bigger issue with traffic using WAN2 at all. Try putting in a policy routing rule from just a single test client and routing that via the WAN2 gateway. That should work whether or not WAN1 is up so it won't disrupt other traffic while you're testing. Run a traceroute from that client to be sure it is using WAN2.

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

If that's the WAN2 router then you will need another rule above that with just that destination with no gateway set so you can access it.

Without that rule above the default pass rule your traffic only ever uses the default route which looks like it's via WAN1. It needs to be there for failover to work.

However it looks like you have a bigger issue with traffic using WAN2 at all. Try putting in a policy routing rule from just a single test client and routing that via the WAN2 gateway. That should work whether or not WAN1 is up so it won't disrupt other traffic while you're testing. Run a traceroute from that client to be sure it is using WAN2.

Steve
tried that. doesn't work.
i dont know if the router is corrupt or something but ("all steps and guides doesn't work!")

stephenw10

Ok, so you policy router a client via WAN2 and it didn't work.

So what exactly didn't work? Same as during failover? DNS worked and ping worked but nothing else?

Can you hit the modem gui?

What did the traceroute show?

It could be one of those device that prevents you using another router behind it by setting a low TTL. Is it supposed to be limited to a small number of devices like, say, 5? Or 1 even?

Steve

jason001

@stephenw10 said in Guide on how to setup Dual Wan on pfsnse 2.4.4?:

uld be one of those device that prevents you using another router behind it by setting a low TTL. Is it supposed to be limited to a small number of devices like, say, 5? Or 1 even?

did exactly the same thing.. but this time couldn't reach WAN2 GUI.. but i can ping..
its a bit strange for me.. seeing other people seem to get it right.. Maybe i should just reinstall the software?

stephenw10

You can try that but I don't think it will help. It behaves like some low level mismatch or limitation.

Like for example the TTL limitation I mentioned. If that router only allows a limited number of clients one way they can enforce that is to prevent you using another router behind it.

Steve