Netgate Discussion Forum

    Multi-WAN Question

      Oxyg3n

      Greetings,

      I have noticed a lot of people have been asking questions about how to set up load-balancing.

      Now, I'm looking at doing it slightly differently.
      I have 2 modems (Diff ISP, Diff Gateway etc etc)
      Both are set at 20mbit

      Is there a way I can bridge the 2 together, so essentially I get a 40mbit connection?
      Even if this requires me to set up something on the internet side (past my ISPs, like a 3rd party VPN, etc etc)
      I would like to know how, because this is something I would really like to do. The cost of doing it isn't so much of a problem, but I would like it done.

      Is there any possible way someone could go through this with me, on how to set up pfSense to do it this way, and whether I would require a 3rd party device outside of my ISPs?

      Thanks in advance
      Oxyg3n

        Guest

        To the best of my knowledge, I don't think you can achieve that.

          ktims

          What are your goals here? Load balancing isn't all that hard to set up, but it does have some limitations and I can't tell if you're asking if there is a way to overcome them or not.

          Built-in to pfSense is the functionality to send each independent TCP connection through a different WAN. That means that each individual connection will be limited to the single-link speed, but if you have a large number of connections, overall utilization will be decent. For most applications though, this is fine as it offers failover and increased performance for common workloads (lots of users accessing the internet).

          If you're going for a single connection with 40mbit though, this isn't achievable using pfSense, or any other router for that matter (at least with different ISPs, anyway). There is a potential hacky solution, but I think it would be easier to implement using Linux or a bare FreeBSD install:

          a) Run an external server with at least 3 static IPs and 40mbit of bandwidth
          b) Set up OpenVPN in bridging mode on 2 of the IPs
          c) Set up static routes to send traffic to each of the IPs out a separate WAN
          d) Use link aggregation to trunk the two links into a single 40mbit link

          Potentially simpler would be to use EoIP instead of an OpenVPN bridge, but the topology would be similar.

          This has limitations of its own (the two separate routes with different latency etc. could cause strange behaviour and possibly reduced performance, among other issues), is costly and easy to screw up, but in theory it should work.
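
Steps b to d above, sketched for the home end on a Linux host (an added example, not part of the original post and not a tested pfSense procedure). The script only prints the OpenVPN client settings and `ip` commands; every address, the port, the `tap`/`bond0` names and the certificate file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not execute) a Linux plan for steps b-d.
# All addresses are constructed placeholders from documentation ranges.
SRV1=203.0.113.10   # first of the server's static IPs
SRV2=203.0.113.11   # second of the server's static IPs
GW1=192.0.2.1       # next hop on WAN1 (ISP A)
GW2=198.51.100.1    # next hop on WAN2 (ISP B)

# Step b: one layer-2 (tap) OpenVPN client per server IP. No address is set
# on the tap device; the bond on top carries the IP. File names hypothetical.
ovpn_client_conf() {  # $1 = tunnel index, $2 = server IP
    cat <<EOF
dev tap$1
proto udp
remote $2 1194
nobind
tls-client
remote-cert-tls server
ca ca.crt
cert home.crt
key home.key
EOF
}

# Step c: host routes pin each tunnel endpoint to its own WAN gateway.
pin_routes() {
    echo "ip route add $SRV1/32 via $GW1"
    echo "ip route add $SRV2/32 via $GW2"
}

# Step d: round-robin bond over both taps (the server end mirrors this).
bond_cmds() {  # $1 = address/prefix for the bonded link
    echo "ip link add bond0 type bond mode balance-rr"
    for t in tap0 tap1; do
        echo "ip link set $t down"
        echo "ip link set $t master bond0"
    done
    echo "ip link set bond0 up"
    echo "ip addr add $1 dev bond0"
}

# Refuse a plan where both tunnels share an endpoint or a gateway: they
# would then ride the same WAN and the bond would gain nothing.
plan() {
    [ "$SRV1" != "$SRV2" ] && [ "$GW1" != "$GW2" ] || return 1
    ovpn_client_conf 0 "$SRV1"; ovpn_client_conf 1 "$SRV2"
    pin_routes
    bond_cmds 10.99.0.2/30
}
plan
```

`balance-rr` is the bonding mode that stripes a single flow across both links, which is also what exposes it to the latency mismatch the post warns about.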

            Oxyg3n

            I've looked into link aggregation, and this seems to be the more appropriate choice for me (other than the VPN solution and bridging the 2 connections together, which I'm still kinda stuck on in getting working).

            Would pfSense 2.0 support link aggregation yet, or is it still a planned feature that's not yet implemented (if it's planned at all)?

            I ask because I don't particularly care too much about failover. It's for my home connection, and both connections have been on for a year with 0 downtime. I'm more interested in the speed I could be getting from utilising both connections.

              ktims

              Link aggregation only works if the two connections are on the same layer-2 network segment. It can't be used to span providers, and even on a single provider, most DSL/Cable ISPs won't support this configuration. About the only exception is that some PPPoE-based DSL ISPs can do ML-PPP aggregation (I know of at least one in eastern Canada). Either way, both connections would have to be on the same ISP and probably terminated at the same CO.

                Oxyg3n

                So my only other real option is OpenVPN… I figured this would prolly be my only option, but I laid in hope.

                Essentially, could I do this in pfSense, and what sort of NAT problems could I run into? Me and the mrs play Xbox Live a lot, and well, without full control over an IP, it's pretty pointless.

                Could I run something on the OpenVPN host to allow me full control over the IP I want to use, etc etc?

                Do you have any example config files I could use for OpenVPN in order to make this as (let's say) simple as possible? I'm a complete noob with OpenVPN, I've only ever toyed with it, and well, I'm not sure what I'm doing.

                Another question, would the tap/tun connections have to be bridged at both ends of the tunnel, or just at mine/hosts end?

                  ktims

                  In the proposed configuration you'd probably want to bridge the endpoint onto an actual NIC, and then assign a public IP from that network to your home gateway. Or do some kind of 1:1 NAT or something similar instead, but that would be easiest.

                  I don't think you'd have to actually bridge the tunnel onto a physical network, but you would have to run OpenVPN in bridge mode so that the two links could be aggregated. In fact, since you want to aggregate them, you'd specifically *not* want to bridge them onto a physical network because you'd want to aggregate them.

                  There are a lot of complications in getting this working though, and I haven't done it (nor do I have a setup where I can try it out), but it should work in theory. You may look to the Mikrotik bulletin boards as apparently some users there have done it using EoIP layer-2 tunnels instead of OpenVPN, but the basic idea is very similar.

                    Oxyg3n

                    The problem I have with the EoIP function is that the servers I have access to are all Linux-based with other stuff running on them. By the looks of things, I would have to have their OS installed on both sides of the network in order for it to function properly.

                      ktims

                      It was just a suggestion so you can get a better idea of how such a setup would work. OpenVPN layer-2 tunnels serve the same basic purpose and work similarly to the EoIP tunnels used there. AFAIK the Mikrotik OS is Linux-based anyway.

                      It's not in the Linux trunk, but there is a module available for RFC 3378 (EoIP) support here http://www.zlug.org/~joro/projects/

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.