    I'm looking at setting up a multi wan environment using multiple satellites in a load balancing configuration.  Are there anything preventing me from doing this?  Are there any problems with multiple WANs associated with satellite latency?  Are there any special settings I need to be aware of?  Is there a way to utilize all connections to increase bandwidth during server updates and migrations?

  • The effect you require is called link agregation. Load balancing allows multiple users to make use of multiple connections however in standard apps, only a single connection will be used per request.

    If you want link agregation, you will need to talk to your ISP or use a third party service. PM me if you want a link to a service :)


    Its been a while since I've last posted.  I'm really excited for 2.0Bata.  its also nice to see 1.2.3 release finally out.

    I have finally reached my destination in an extremely remote desert and am trying to get my satellite systems to load balance.  I am watching the traffic on the individual interfaces to see if they are balancing.  I have seen them work properly for short times but cant seem to get them to balance long term.  It always defaults back to the wan interface.  I have used the multi wan load balancing guide for PFsense.  I do have some weird conditions:

    1. I cant change the satellite's lan address.  Therefore they are both on the same subnet, different IPs.  I can navigate to the modems to check their status.
    2. I have a proxy bound to the LAN
    3. I only set up the basic firewall rules to allow traffic to go from LAN to the balance interface and fail over interfaces and all.

    The Load balancer is showing both interfaces operational.

    Where am I going wrong?

    Ok, here is a bit more info.  For kicks, I unplugged the wan interface and lost all web browsing ability.  However, I was able to still skype IM.  I have the DHCP server to use open DNS and the computers are receiving that info.  Please see pics of rules and load balance.

    ![WAN Traf.PNG](/public/imported_attachments/1/WAN Traf.PNG)
    ![Load Bal.PNG](/public/imported_attachments/1/Load Bal.PNG)
    ![Wan Rule.PNG](/public/imported_attachments/1/Wan Rule.PNG)
    ![Lan Rule.PNG](/public/imported_attachments/1/Lan Rule.PNG)
    I thought i found the problem with squid installed, however its still not load balancing reliably.  One systems always seems to handle the entire load.  Is it perhaps that one responds quicker?  I cant figure this one out for the life of me.  Here is to something i thought would be simple…

  • Your graphs show that its working fine. Disable all proxies and go to http://pfsense.org/ip.php

    Hit refresh and the IP will change. If it doesn't then take a look at two resources:


    and http://www.tomschaefer.org/web/wordpress/?p=538

  • I will try this, but the second interface just hovers around 55kbs.  The other one is almost always under constant load.


  • Most packages and the pfsense router it self will only use the WAN interface.

    If you ran bittorent or something p2p you would see both interfaces get saturated almost right away.

  • Here is some more weirdness….

    I turned off the rule allowing lan traffic to any interface and forced it through the load balancing interface.  I loose the ability to browse however, there is some activity still on the modems.  Probably residual from logged settings or a stream that is still downloading.  The Proxy is no longer attached to the lan interface and transparency is turned off.  However, i can get squid to shutdown permanently and i don't want to uninstall it unless i have to.  Snort is of, Clam AV is off, Squid Guard is off, that's all I'm running.

    Any thoughts?

  • Very informative artical, but didn't fix the problem.  I changed the setup in the balancer so that it monitors openDNS.  This is more accurate since it is monitoring the actual internet connection instead of the modem.  Attached is a picture of the balancer log.

    ![Load Bal problems.JPG](/public/imported_attachments/1/Load Bal problems.JPG)
  • Looks like latency is the problem. Its taking to long for the ping to respond so it thinks the link is down.

    I read something in the pfsense book that showed you how to increase that ping timeout.

  • For the first time, I'm hearing something that makes sense.  My usual ping time for Google.com is 800-2000ms.  For whatever reason, the load balancer is getting much higher ping times when pinging opendns.  Can anyone provide a how-to to fix the timeout?

  • For the first time, I'm hearing something that makes sense.  My usual ping time for Google.com is 800-2000ms.  For whatever reason, the load balancer is getting much higher ping times when pinging opendns and a 12% loss rate.  Can anyone provide a how-to to fix the timeout?  Another weird thing is when operating under the load balancer, pages only half load or I will get white web pages or complete time outs.  Sometimes it will timeout with in a couple seconds.

    Thanks very much,

  • I couldn't find a topic with a quick search. I need to get out of here in a sec, so you may be able to find it.

    If not I read it in the pfsense book. Just search for a way to "increase ping timeout load balance". That should point you in a good direction. CMB would know.

  • Well, still struggling with this issue.  I tried 2.0 for a while but the 32 bit version was unstable under my hardware.  64 bit was stable but still too beta for my current environment.  I have now switched back to 1.2.3 and have load balancing working to a degree.  It seems that some packages break it, however im not sure which one is the problem yet.  Under a fresh install it works ok.

    The issue I'm still having is pages failing to load correctly on occasion.  I some times get white pages, incomplete pages, or timeouts all together.  I'm wondering if lack of sticky connections is the problem.  However, if I turn on sticky connections, it breaks things for some reason.  My rules are:

    1. secure connections -> wan2
    2. default LAN-> load balancer
    3. default LAN-> any

    Is my issue still latency?  My numbers are usual around 1300ms.


  • I still think it is all caused by the high latency of the satellites.

    In the pfsense book,

    the command that is checking for a failure is:

    ping -t 5 -oqc 5 -i 0.7 

    This is what may be causing your problems, due to latency.
    It only waits 0.7 seconds between each ping and it waits 5 seconds for a response.

    According to the book these options are user changeable in 2.0 but jimp or cmb know where this setting is held. That would allow you to tweak it in version 1.2.3