Load balancing for everything except VPN
-
Hi all, I have a pretty reliable broadband service from BT in the UK. It's fibre to the cabinet with the last leg on copper, and I get about 70MB/s down, 19MB/s up. They have what I would describe as a bonded failover to 4G. This means that independently of anything going on with pfSense, it will fail over to 4G with the same public IP address. There's usually a bit of downtime, and sometimes I have to nudge it, but it's pretty good. It then switches back shortly after the wired connection goes live again. The BT router has pfSense WAN in its DMZ.
This provides an excellent platform for our OpenVPN server to run with continuity and simplicity.
With 20-30 users internal and external, this bandwidth is plenty most of the time, unless updates or backups are saturating the line. So I would like to implement a secondary connection of similar speed, and load balance between them. Ideally all the VPN clients would connect only through the primary connection, but any other traffic would be fully load balanced between the two connections.
Can anyone tell me if this is feasible?
Many thanks.
-
@pimpmyrouter If you
- set up your secondary connection and then create a gateway group with both WANs set as "Tier 1", and then
- make a firewall rule on your LAN above the final/default rule as a catch-all specifying traffic != (whatever port or transit subnet your openVPN uses)
- manually choose the GW group as the gateway for that rule (under Advanced), and then
- add an outbound NAT rule that round-robins the 2 WAN IPs (create & use an alias) -- see https://docs.netgate.com/pfsense/en/latest/nat/outbound.html
...it should do what you want.
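To make the rule-ordering part of that recipe concrete, here is a small added simulation (editor's example, not pfSense code and not from either poster) of how first-match LAN rules, a two-member Tier 1 gateway group and a `!=` destination match interact. The tunnel subnet `10.8.0.0/24` and the gateway names `WAN1`/`WAN2` are assumed values; the thread does not state them, and the port form of the exclusion is not modelled, only the transit-subnet form.

```python
"""Toy model of the policy-routing setup described above.

Added example: not pfSense code, only a simplified simulation of
first-match rule evaluation, a two-member Tier 1 gateway group and
round-robin gateway selection with a down member skipped.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed values, not taken from the thread.
TUNNEL_NET = "10.8.0.0/24"   # OpenVPN transit subnet that must NOT be policy-routed
PRIMARY_WAN = "WAN1"         # the BT line, which carries the VPN server
SECONDARY_WAN = "WAN2"       # the planned second connection


@dataclass
class Gateway:
    name: str
    up: bool = True  # what the gateway monitor would report


class GatewayGroup:
    """Both members on Tier 1: connections alternate across every member that is up."""

    def __init__(self, name, members):
        self.name = name
        self.members = members
        self._next = 0

    def pick(self) -> Optional[str]:
        live = [g for g in self.members if g.up]
        if not live:
            return None  # no usable member; caller falls back to default routing
        gw = live[self._next % len(live)]
        self._next += 1
        return gw.name


@dataclass
class Rule:
    """One LAN rule. `dst_net` is the destination match and `negate` turns it into
    'destination != dst_net'; `gateway` None means pfSense's 'default' gateway,
    i.e. plain system routing rather than policy routing."""
    description: str
    dst_net: Optional[str] = None
    negate: bool = False
    gateway: Optional[GatewayGroup] = None

    def matches(self, dst_ip: str) -> bool:
        if self.dst_net is None:
            return True  # destination 'any'
        hit = ip_address(dst_ip) in ip_network(self.dst_net)
        return (not hit) if self.negate else hit


def route(rules, dst_ip, default_gw=PRIMARY_WAN):
    """First-match evaluation, as pfSense does for interface rules.
    Returns the chosen gateway name, or None if no rule passed the packet."""
    for rule in rules:
        if rule.matches(dst_ip):
            if rule.gateway is None:
                return default_gw
            chosen = rule.gateway.pick()
            return chosen if chosen is not None else default_gw
    return None


def build(wan1_up=True, wan2_up=True):
    """LAN rule set in the order the reply describes: catch-all above the default rule."""
    group = GatewayGroup("LoadBalance",
                         [Gateway(PRIMARY_WAN, wan1_up), Gateway(SECONDARY_WAN, wan2_up)])
    return [
        Rule("Balance everything except the OpenVPN tunnel subnet",
             TUNNEL_NET, negate=True, gateway=group),
        Rule("Default allow LAN to any", None, gateway=None),
    ]


def simulate(destinations, wan1_up=True, wan2_up=True):
    """Route a list of destination IPs through a fresh rule set; returns (dst, gateway) pairs."""
    rules = build(wan1_up, wan2_up)
    return [(d, route(rules, d)) for d in destinations]


if __name__ == "__main__":
    # Constructed sample destinations: two in the tunnel subnet, three on the Internet.
    for dst, gw in simulate(["10.8.0.20", "93.184.216.34", "1.1.1.1", "10.8.0.7", "8.8.8.8"]):
        print(f"{dst:>16} -> {gw}")
```

Running it shows tunnel-subnet destinations falling through to the default rule (system routing on the primary line) while everything else alternates between the two WANs; with `wan2_up=False` every balanced connection lands on `WAN1`, which is the behaviour to confirm on the real box by temporarily marking a gateway down.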
-
@luckman212 Super, thank you. I will have to get my head around some of that, but it's the basis to get the 2nd line installed so I can even test it.