Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can pfSense receive LACP over incoming dual WAN connections. Is that possible?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    2 Posts 2 Posters 298 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maartenv
      last edited by

      For my office I have some servers running in a datacenter with a dedicated pfSense machine as a firewall with two seperate 1Gb uplinks, each with its own internet gateway.

      As I need the internet connection to my servers to be redundant, in this situation I believe I can only use the round robin method in the webbrowsers by adding two seperate IP addresses in the DNS records. So the browser will go to the next IP address when one of the connections fails. Or are there other solutions possible?

      Also, the provider can offer LACP over these two connections, which would be nice because then I only have to publish one IP address and there will be no round robin delay before switching to the next IP address when a connection drops or is too busy.

      But this means that pfSense must also be able to receive LACP over the incoming WAN connections but I can not find a way to do this in the webgui. Is there a way to do this as in the Interfaces/LAGGs configuration screen the WAN interfaces are not shown.

      I know how to do this in FreeBSD, but there I need to add commands to /etc/rc.conf and that does not work in pfSense.

      Anybody who can help me with this?

      1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        @maartenv said in Can pfSense receive LACP over incoming dual WAN connections. Is that possible?:

        Or are there other solutions possible?

        Probably, depends on wether you have the possibility or want to put a device in another location and probably add some latency to the connection. But you could host another e.g. pfsense instance in another location or in the cloud, point your webserver DNS name to that and there use HAproxy to add both IPs of the external webserver IPs as loadbalancer/failover configuration so that would utilize the redundant internet connection. A bit like CDN services.

        That would also be another possibililty: put a CDN service (or sth alike) in front of the webservers, add your rendundant IPs to your webserver to them and have them utilize it.

        But this means that pfSense must also be able to receive LACP over the incoming WAN connections but I can not find a way to do this in the webgui. Is there a way to do this as in the Interfaces/LAGGs configuration screen the WAN interfaces are not shown.

        Should be pretty straighforward if a bit unusual: just add both physical interfaces that are pairs of the LACP bond to a LACP-type LAGG (interfaces/assignment -> Link aggregation / LAGG) and instead of configuring your WAN on the phys interface, use the newly created lagg0 interface.

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.