MultiWan - Second Wan not connecting

  • Hello.

    Two weeks ago I got a second Wan connection. Problem is, I cannot browse using the second Wan. I cannot even ping the Wan Address!

    Pfsense Setup: Pfsense -> Cisco Router -> Internet

    • If I connect the lapop to the router and assign the same IPs as assigned in Pfsense, I can ping the Router's Internal Lan, the Wan Address and I can Google etc. So it works from the laptop but it doesn't work from the pfsense box.

    • Also, if I connect Pfsense directly to the internet and assign it the public IPs, it still cannot connect! However, if I do that with my laptop, I can connect….

    Please assist….where could I be going wrong?


    Currently running on Pfsense version 1.2.3 on PC

  • Just to add more info:

    General Setup:
    DNS 1: I've set it to use the DNS for WAN1
    DNS 2: I've set it to use the DNS for WAN2 (2nd Connection)

    I've already assigned the interfaces to the respective NIC cards

    I've setup NAT on WAN2 and the forwarded ports are working as I can access them from the internet. So incoming traffic is also okay.

    So everything works apart from GOING OUT of WAN2. Can't ping, can't browse.

    Is it a firewall issue? A NAT issue? or what could it possibly be?

    If you need more information, please let me know.


  • Exactly how do you want to use the secondary connection? Load balance? Failover? Specifically for a secondary network? (I.e. you have two internal networks and you want Network A to use the primary connection, and Network B to use the secondary)

  • Hi. Am back again trying to configure MultiWan because I don't want to be forced to buy Cyberoam. Here is what I've done and screenshots:

    I have installed pfsense 1.2.3. I want to configure load balancing and failover. I have gone through the setup guide

    First: I cannot be able to ping beyond my default gateway (e.g.  if I try to ping -openDNS IP) from WAN2, it doesn't work
    Second -And driving me to tears!: If WAN1 goes down, OPT1 (WAN2) goes down to :-(

    Attached are screen shots showing what I've done:

    First Image: Shows when all cables are inserted in their respective NIC cards
    Second Image: Shows when I unplug the WAN cable. Here you see that All links go down. Why should they all go down?

    I have tried interchanging the IP addresses on the WAN1 and WAN2 and always, the configuration on WAN2 fails to work. What could I be missing? Please assist.



    ![Load Balance 1.png](/public/imported_attachments/1/Load Balance 1.png)
    ![Load Balance 1.png_thumb](/public/imported_attachments/1/Load Balance 1.png_thumb)
    ![Load Balance 2.png](/public/imported_attachments/1/Load Balance 2.png)
    ![Load Balance 2.png_thumb](/public/imported_attachments/1/Load Balance 2.png_thumb)

  • You most probably forgot to add the static route for your second DNS server as described under

    What did you configure as monitor IP?
    It should be something a hop or two away from you (a router from your ISP might be a good choice).

  • Hi.

    Thanks for the reply. I have added the static routes as shown in the attachment below.

    The Monitor IPs are DNS server IPs from my two ISPs.

    NB: From the initial install -even before configuring Load balancing etc- WAN2 never pings beyond its default gateway. Could that be the cause of the load balancing issue? If so, what could I have missed in setting up WAN2?


    ![Static routes.png](/public/imported_attachments/1/Static routes.png)
    ![Static routes.png_thumb](/public/imported_attachments/1/Static routes.png_thumb)

  • No this is how it's supposed to be.
    You cannot use the ping utility included in pfSense for multiWAN (there is a note telling you this).
    The pfSense itself cannot make use of the second WAN, unless you force specific destinations out to the second WAN. (That is the reason why static routes are needed for additional WANs)
    If you ping from behind the pfSense, you can only ping destinations for which you created a static route pointing to the second gateway.

    So if you create a static route on WAN2 for the destination with as gateway your WAN2 gateway and you ping this IP from behind the pfSense, it will go out WAN2. (If you have in your firewall rule as gateway *).

    EDIT: The screenshot you posted doesn't seem right.
    The DNS servers should be single addresses (/32) and not whole networks.

    Also, did you uncheck the "allow DNS server to be overridden by DHCP on WAN" ?

  • Hi.

    Thanks once again for the reply.

    Yes, I had UNchecked "Allow DNS server list to be overridden by DHCP/PPP on WAN"

    I've changed the static routes to be a single DNS. Behind pfsense from a LAN machine, I can ping the Set Static IP.

    When Wan1 and Wan2 are connected. Everything works fine and I can browse from a LAN PC. When I disconnect WAN1, I cannot browse and Load Balance Status shows "Warning" in WAN2.

    Please see the attached pictures for the settings as they are.


    ![Override DNS Server - unchecked.png](/public/imported_attachments/1/Override DNS Server - unchecked.png)
    ![Override DNS Server - unchecked.png_thumb](/public/imported_attachments/1/Override DNS Server - unchecked.png_thumb)
    ![Static routes_rev1.png](/public/imported_attachments/1/Static routes_rev1.png)
    ![Static routes_rev1.png_thumb](/public/imported_attachments/1/Static routes_rev1.png_thumb)
    ![load balance config.png](/public/imported_attachments/1/load balance config.png)
    ![load balance config.png_thumb](/public/imported_attachments/1/load balance config.png_thumb)
    ![Load Balance - With both WAN1 and Wan2 Connected.png](/public/imported_attachments/1/Load Balance - With both WAN1 and Wan2 Connected.png)
    ![Load Balance - With both WAN1 and Wan2 Connected.png_thumb](/public/imported_attachments/1/Load Balance - With both WAN1 and Wan2 Connected.png_thumb)
    ![Load Balance - With WAN1 DISCONNECTED.png_thumb](/public/imported_attachments/1/Load Balance - With WAN1 DISCONNECTED.png_thumb)
    ![Load Balance - With WAN1 DISCONNECTED.png](/public/imported_attachments/1/Load Balance - With WAN1 DISCONNECTED.png)


    OK. After like 40 seconds, WAN2 is now showing as "Online" even when I disconnect WAN1. See screenshot. At least that is some positive progress.

    Problem is, I cannot browse when WAN1 is down. WAN2 shows its online but I cannot browse from a LAN PC. Any hints?


    ![Load Balance - With WAN1 DISCONNECTED_Rev1.png](/public/imported_attachments/1/Load Balance - With WAN1 DISCONNECTED_Rev1.png)
    ![Load Balance - With WAN1 DISCONNECTED_Rev1.png_thumb](/public/imported_attachments/1/Load Balance - With WAN1 DISCONNECTED_Rev1.png_thumb)

  • Did you create a firewall rule which actually uses the balancing pool?

    Are your computers using the pfSense as their DNS server?

  • This problem for DNS. I had this kind of problem before. Just ceck your second modem/router DNS setting. I had a modem which has this problem. this problem is not from pfsense side…

  • He's not using his second modems internal DNS server/forwarder, but his ISPs DNS server directly.
    I don't think that this is the issue here.


    I give you some example.

    When I use that modem/router without pfsense. i never can use internet unless i put dns manually on my each computer.

    that modem only works if i use it as a bridge mode with pfsense….that time i didnt need to put dns manually on my each computer. My English is not good. I hope i could tell you. what i wanted to tell you. thank you.

  • @GruensFroeschli:

    Did you create a firewall rule which actually uses the balancing pool?

    Are your computers using the pfSense as their DNS server?

    Good news & confusing news.

    Good news first. Got the configuration working! The last missing bit was adding a firewall rule with the "Loadbalance" as the gateway. And yes, PCs are using Pfsense as the DNS.
    With that, I was able to browse from a LAN PC behind pfsense when WAN1 was down. I ran that for like 30 minutes just to be sure that I was browsing from WAN2. I shut down, restarted and it still worked. So I guess am good to go. Thanks GruensFroeschli for the help!

    Confusing News
    Once I connect the WAN, I see some INSANE SPEEDS of 75Mbps!!! What on earth is that?
    The current setup is that am working on a test setup of pfSense. When the LoadBalancing works, I will deploy it as the main Pfsense Installation.  For the test though, the Test Pfsense sits in a LAN which has an existing Pfsense installation. (See Network Diagram below -Test Bench.png)

    So in my test environment I have:
    –> LAN:
    --> WAN1: (This connects to the existing LAN which is connected to our first ISP)
    --> WAN2: (This connects to the second ISP that we got)

    So the issue is, with WAN1 and WAN2 now working, I get Extremely high traffic on the Test Pfsense (Insane Speeds.png) and the Main pfsense installation (Status Graph - Pfsense Main.png). And NO, am not downloading anything from the network. The traffic is all Local because when I check on the WAN for MAIN pfsense installation, it does not show high speeds. The LAN though has got 90MBps and all other workstations cannot access the network.

    Any ideas?


    ![Test Bench.png](/public/imported_attachments/1/Test Bench.png)
    ![Test Bench.png_thumb](/public/imported_attachments/1/Test Bench.png_thumb)
    ![Insane Speeds.png](/public/imported_attachments/1/Insane Speeds.png)
    ![Insane Speeds.png_thumb](/public/imported_attachments/1/Insane Speeds.png_thumb)
    ![Status Graph - Pfsense Main.png](/public/imported_attachments/1/Status Graph - Pfsense Main.png)
    ![Status Graph - Pfsense Main.png_thumb](/public/imported_attachments/1/Status Graph - Pfsense Main.png_thumb)

  • Update
    Also attached is a screen shot of PFtop showing what happens when I plug in WAN1 or WAN2 Nic cards on my Test Pfsense. Can you deduce anything from it?

