Netgate Discussion Forum

    Exceptions to sticky routing feature on multi-WAN setups

    Routing and Multi WAN
    4 Posts 2 Posters
    Yoo GmbH

      Dear all,

      We are running pfSense on an appliance with dual WAN (igb0 and igb1) and single LAN (igb3) with load balancing (via a same-tier routing group) on the WAN side.

      The sticky connection feature works perfectly on "ordinary" browser connections, but for a cloud upload we would need the aggregate bandwidth of both WAN links for a limited period of time (overnight). The cloud upload process uses multiple HTTPS connections, but all of them are routed to the same WAN uplink as they originate from the same LAN IP/MAC. As it's HTTPS, we haven't found a way to separate them from "ordinary" browser traffic.

      1. Is there a way to exclude certain target IPs / nets or domain names on the public internet from being routed/tagged through the same WAN connection?
      2. If so, is there a way of limiting this exclusion to certain times?

      I’m thankful for any hint or advice.

      I’ve searched the forum back and forth before posting, please forgive me in case I missed something.

      Yoo GmbH @Yoo GmbH

        Does anybody know if this is possible at all?

        stephenw10 Netgate Administrator

          Sticky connections is currently a global option. It is applied to all load-balance gateway groups when they are configured in the ruleset. It's not something you can apply via individual firewall rules or a schedule associated with them.

          However it is actually applied per gateway pool in the ruleset:

          GWLoadBalance = "  route-to { ( pppoe1 x.x.x.x ) ( pppoe0 y.y.y.y )  }  round-robin  sticky-address  "

          You could potentially have a second gateway group with the same gateways but without sticky connections applied to different hosts. There is just no way to create that in pfSense from the GUI. You could open a feature request to move that option to the gateway config.
          https://redmine.pfsense.org/

          I can't see any way to achieve that currently beyond something very hacky like loading a custom ruleset with a cronjob.

          Steve

            stephenw10 Netgate Administrator @stephenw10
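          To make the split Steve describes concrete, here is an added pf.conf fragment (hand-written for this thread, not a pfSense-generated ruleset) with two route-to pools over the same gateways, one with sticky-address and one without, assigned to different LAN hosts; the interface names come from the original post, while the gateway addresses, LAN subnet and upload host are constructed placeholders.

```pf
# Added example: hand-written pf.conf fragment, not a pfSense-generated ruleset
# (the pfSense GUI only offers sticky-address as a global option).
# igb0/igb1/igb3 come from the original post; the gateway addresses, LAN subnet
# and upload host are constructed placeholders. pf does not expand macros inside
# quotes, so each pool definition is written out in full.

# Pool 1: the pfSense-style load-balance group WITH sticky-address.
# A given source IP keeps using the same WAN gateway while it has states.
GWLoadBalanceSticky = " route-to { ( igb0 203.0.113.1 ) ( igb1 198.51.100.1 ) } round-robin sticky-address "

# Pool 2: the same two gateways, round-robin WITHOUT sticky-address.
# Each new connection takes the next gateway regardless of its source IP.
GWLoadBalanceNoSticky = " route-to { ( igb0 203.0.113.1 ) ( igb1 198.51.100.1 ) } round-robin "

upload_host = "192.168.1.50"    # constructed: LAN host running the overnight cloud upload
lan_net     = "192.168.1.0/24"  # constructed: LAN subnet on igb3

# Order matters with "quick": the narrow non-sticky rule must come first.
# Only HTTPS from the upload host is spread across both WAN links...
pass in quick on igb3 $GWLoadBalanceNoSticky inet proto tcp from $upload_host to any port 443 flags S/SA keep state

# ...while everything else from the LAN keeps the sticky behaviour.
pass in quick on igb3 $GWLoadBalanceSticky inet from $lan_net to any keep state
```

The fragment itself carries no schedule, so restricting the exception to overnight hours would still need the cron-driven ruleset reload mentioned above, and like any hand-loaded ruleset it is overwritten the next time pfSense regenerates its rules.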

            I created one, this seems like it would be a useful feature:
            https://redmine.pfsense.org/issues/12077

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.