How to set up Multi-WAN as load balancing and route all traffic over a VPN provider like Mullvad?
I am able to configure Multi-WAN as failover or load balancing. But how can I load balance two WANs to get the bandwidth of both as a sum but still redirect all the outgoing traffic over a VPN server (like Mullvad) while 2 or more VPN servers are balanced?
DaddyGo last edited by DaddyGo
how can I load balance two WAN to get the bandwidth of both as a sum but still redirect all the outgoing traffic over VPN-Server
In case, I am well aware of the "mullvad" OpenVPN capable provider (like most).
Try using the VPN service as a WAN(s)... + Load Balancing
Ergo this will help you (in all questions):
or set up your two WAN connections ("existing", -ISP modem something + 4G LTE or whatever) as a gateway group (with load balancing)
and route the traffic of your configured VPN client through this gateway group
as here, only the GW should be the configured gateway group to the VPN interface (or alias)
Thank you very much! I did as you told me and managed to get everything running as desired.
I had already set my gateway group (multi-WAN load balanced) as the gateway for all my configured VPN client(s) before.
So then I first updated pfSense (I am at 2.50 dev) to the latest as of yesterday. But no changes.
After that I saved all the VPN client settings again, choosing my specific gateway group (load balanced) again. Saved all and applied the changes.
After that I had the bandwidth of both ISPs and still had the outgoing LAN traffic load balanced between the VPN servers.
What I did not understand was what you suggested with the printscreen of the firewall rules:
I guess that you suggested with that printscreen that I should add a rule for each VPN interface to route the traffic explicitly through my load-balanced WAN gateway group, or what was your suggestion?
DaddyGo last edited by DaddyGo
i am at 2.50 dev
for now, I don't recommend 2.5 -dev in the production environment... https://redmine.pfsense.org/projects/pfsense/roadmap
stay with 2.4.5-p1 if you want more serious stability...
@ihrewerbung "What I did not understand was what you suggested with the printscreen of the firewall rules:
I guess that you suggested with that printscreen that I should add a rule for each VPN interface to route the traffic explicitly through my load-balanced WAN gateway group, or what was your suggestion?"
I use multi-port NICs (I350-T4 and I350-F4) so I can have VPNs on a separate interface and handle them separately according to firewall rules
this is good for the deep network segmentation
Thank you for your fast reply. Now I perfectly understand your suggestion (I use multi-port NICs (I350-T4 and I350-F4) so I can have VPNs on a separate interface and handle them separately according to firewall rules). I must admit that I never thought about that, but now I see some potential for optimizing!
Of course you are right about 2.5 -dev and 2.4.5-p1. At the time I switched I did not have much of a choice, as the issue with the slow web GUI forced me to do something. But you are right, I should have switched back by now, but as this is not done as fast as an update I hesitated :-) but it is no excuse.
Once again thank you! You helped me a lot.
I will retry it on version 2.4.5-p1, as on 2.5 -dev it's not working consistently. I would even say it's "random" whether it load balances my two WAN gateways or not.
Always after I change settings in the gateway group (even though I don't make any changes), save it and apply it, it will balance and sum up the bandwidth and balance it through my VPN clients. Same if I save the OpenVPN client settings again (without changing them and leaving my grouped WAN in the interface settings): it works for a short while as desired and then falls back to my "primary" WAN interface.
I could not figure out why this happens. It might be a bug in version 2.50 -dev or just something I messed up in my settings. For now I don't find the problem on my side.
DaddyGo last edited by
on 2.5 -dev it's not working consistently.
2.5 is a development snapshot. YES
there is still work to be done on it, as the "road map" shows, so I recommended 2.4.5-p1,
if you still insist on 2.5, many have experience with this version here in the forum and can help
but I do not recommend it for production environments yet, although the date is approaching.....
No, no, I don't insist on the development version.
I am now on a fresh 2.4.5-p1 and tested all the settings again. No change. That means load-balanced WAN and balanced VPN does not work.
Here some traffic is routed through WAN (ISP DSL-Cable and some over 4G-LTE):
Here: all traffic goes over WAN (ISP DSL-Cable), nothing over the 4G LTE modem. It's not balanced or the sum of both.
Example of one of the VPN client interfaces. It does not change anything if protocol is UDP or any and IPV4-6.
Here you can see that I route my LTE/4G modem with a VLAN tag on igb0
Gateway group for DSL modem and LTE/4G modem (trigger is "member down"):
Gateway group for balancing VPN interfaces (trigger is "member down"):
Any suggestions? Do you see where I messed up, if at all? I appreciate any idea.