Dual Wan : some questions



  • Hello,

    I'm planning to go for PFsense, some of my clients need failover.
    While i'm waiting for my second ADSL Line at home, i'm made some proof of concept with VMWare (4 VM on separated virtual LAN with IPCOP, SmoothWall, PFsense, Windows XP to test).

    I have two WAN, i made some test, loadbalacing is OK (a lot of tracert show that first gateway change).
    If i kill my WAN1, all the traffic still pass through pfsense by WAN2.
    When my WAN1 is back, LoadBalancing is back too.
    I made de the FTP Trick (127.0.0.1), and i can connect to FTP Server on Internet.

    So at this time, just a big thanks, it works !

    Now my trouble:

    • i tried to make a policy to route specific traffic. I read a lot of post on this forum, and i suppose that i will have problem with HTTPS so i made one test rule, ICMP always by WAN1. It work my ping always use WAN1… But if i shutdown WAN1, no more ping...
      May be it's normal... May be not... I just want to use my WAN2 when my WAN1 is down...
    • what about VPN IPSEC ? Could i failover it ? Making one link on WAN1 but if my WAN1 drop, the WAN2 will established the connection ?

    Thanks.

    Guldil



  • Atm an intrface failover (use WAN and if that is down use WAN2) is not possible. It only works to detect dead links in a loadbalancing pool and exclude them from the balancing for the time that they are down. The kind of failover you are lokking for is a feature that already is on the featurelist for things to be done in one of the next version and we already did some proof of concept backendhacking during last years hackathon. There is no timeframe for this feature though.



  • Thanks for the fast reply Hoba.

    Any info about another software available with that type of feature ?

    While waiting for pfsence, I have RV082/042 Linksys to test  :)



  • Not that I know of. At least if you are looking at free opensource software.



  • I didn't find any software commercial products with theses features.

    The only hardware capable that i found, it's from a french manufacturer :

    http://www.bewan.com/bewan/products/bsecurellx/index.php

    Look like with theses models you could get FailOver and LoadBalancing for VPN on MultiWAN, but i think it will only work if all the VPN gateways are from Bewan  ;)


Log in to reply