Netgate Discussion Forum

    Dual WAN and IPSEC traffic

    • oriontechllc

      We've used Monowall/pfSense for over a year and really appreciate the hard work.  I just donated cash today to pay my part for the continued development of Monowall/pfSense.

      We moved offices last week, so I took the opportunity to replace our simple Monowall setup with a dual WAN pfSense box (PIII866, 256MB, 3 NICs) with two ADSL connections (static IPs).  The dual WAN load balancing is set up and working.

      At each customer site, we have a WRAP-based Monowall box to which we establish an IPSEC tunnel (Main Office LAN to Remote Client LAN) in order to monitor servers, routers, access points, etc.  Each LAN is on a different subnet.  The tunnels will establish and pass traffic without dual WAN load balancing implemented, but enabling load balancing prevents traffic from passing.  A quick look at a TRACERT from the Main Office LAN to the Remote Client LAN shows that traffic is being passed out one of the WAN links instead of across the tunnels.  I've played with static routes and firewall rules, but I can't seem to get the packets going through the tunnel.  Any thoughts or suggestions are appreciated.

      • hoba

        You have to add a firewall rule with default gateway for all the VPN destination networks on a dual WAN/load-balanced pfSense, or the load balancer/multi-WAN will send traffic directly to the WAN gateways, bypassing the internal routing table. I have the same setup at the office and it's working fine when these rules are in place. You should move them to the top of your LAN rules.

        1 Reply Last reply Reply Quote 0
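An added example, not part of the original posts and not pfSense code: a small Python model of first-match LAN rule evaluation that flags VPN destination subnets caught by a gateway (policy-routing) rule before a default-gateway rule covers them. The subnets, rule descriptions and the `LoadBalance` pool name are constructed, and the model matches on destination only.

```python
import ipaddress

# Constructed sample data: the subnets, descriptions and the "LoadBalance"
# pool name are assumptions, not values from the thread.
VPN_REMOTE_NETS = ["10.10.1.0/24", "10.10.2.0/24"]

# LAN rules in evaluation order (first match wins). gateway=None models the
# "default" gateway setting (routing table / IPsec decides); any other value
# models a policy-routing rule that sends the packet to that gateway or pool.
RULES_BROKEN = [
    {"descr": "LAN to any, load balanced", "dst": "0.0.0.0/0", "gateway": "LoadBalance"},
]
RULES_FIXED = [
    {"descr": "LAN to VPN site 1", "dst": "10.10.1.0/24", "gateway": None},
    {"descr": "LAN to VPN site 2", "dst": "10.10.2.0/24", "gateway": None},
] + RULES_BROKEN
# Same rules, but the VPN rules sit below the load-balancing rule.
RULES_WRONG_ORDER = RULES_BROKEN + RULES_FIXED[:2]


def vpn_nets_bypassing_tunnel(rules, vpn_nets):
    """Return (vpn_net, rule descr) for each VPN subnet that a gateway rule
    catches before a default-gateway rule covers the whole subnet."""
    findings = []
    for net_str in vpn_nets:
        vpn = ipaddress.ip_network(net_str)
        for rule in rules:
            dst = ipaddress.ip_network(rule["dst"])
            if not dst.overlaps(vpn):
                continue  # rule cannot match traffic to this subnet
            if rule["gateway"] is not None:
                findings.append((net_str, rule["descr"]))  # policy-routed to WAN
                break
            if vpn.subnet_of(dst):
                break  # whole subnet handled by the routing table / tunnel
            # default-gateway rule covers only part of the subnet: keep looking
    return findings


if __name__ == "__main__":
    for name, rules in [("broken", RULES_BROKEN), ("fixed", RULES_FIXED),
                        ("wrong order", RULES_WRONG_ORDER)]:
        print(name, vpn_nets_bypassing_tunnel(rules, VPN_REMOTE_NETS))
```

An empty result means every VPN subnet reaches a default-gateway rule first; any finding names the rule that would send that subnet's traffic out a WAN link instead of through the tunnel.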