Simple Multi-WAN won't work in VMware.



  • I'm having a seemingly strange issue with pfSense 2.0 that prevents me from using a second WAN connection.

    I want a simple load balance/failover with 2 connections. I am running pfSense in VMware 1.x with the interfaces bridged to Ethernet cards.

    For some reason pfSense will only work with a connection if it is the first WAN interface. I've tried switching le1 and le2 along with their respective IPs and gateways, but whatever connection is on WAN2 always won't work.

    Also, the firewall is reporting a few blocked packets on WAN2 even though the connection is "down". I've tried pinging from WAN2, but it reports 100% loss.

    Here are my settings. Most other settings are at default. At the time of this post I'm at the latest release.

    Thanks!

    http://img146.imageshack.us/i/interfaces.png/
    http://img688.imageshack.us/i/gateways.png/
    http://img806.imageshack.us/i/gatewaygroups.png/
    http://img98.imageshack.us/i/statusgateways.png/
    http://img651.imageshack.us/i/lanrules.png/
    http://img857.imageshack.us/i/firewalllog.png/



  • I'm not familiar with multiple gateways, but your two WAN interfaces and gateways are all in the same subnet, hence either interface can be used. Imagine you are pinging gateway 2. Then, since it's on the same subnet as WAN1, the ping can be sent over WAN1, which won't help if WAN1 has no connectivity to gateway 2 except through WAN2.

    I suspect you need a rather longer network mask on WAN1 and WAN2.



  • Not that it really applies to your problem, but you might really want to reconsider using pfSense (or any firewall) in VMware Server, especially version 1. VMware isn't, to my knowledge, updating that product anymore, plus you have potential security issues from the host OS as well. You really want to stick to the bare metal hypervisors (ESXi, XenServer etc.) for this kind of thing.



  • @wallabybob:

    I'm not familiar with multiple gateways, but your two WAN interfaces and gateways are all in the same subnet, hence either interface can be used. Imagine you are pinging gateway 2. Then, since it's on the same subnet as WAN1, the ping can be sent over WAN1, which won't help if WAN1 has no connectivity to gateway 2 except through WAN2.

    I suspect you need a rather longer network mask on WAN1 and WAN2.

    Seems to have fixed my issue ;D

    I've been trying to figure this out on and off for a week, total "doh!" moment when I resolved it.

    @dave99:

    Not that it really applies to your problem, but you might really want to reconsider using pfSense (or any firewall) in VMware Server, especially version 1. VMware isn't, to my knowledge, updating that product anymore, plus you have potential security issues from the host OS as well. You really want to stick to the bare metal hypervisors (ESXi, XenServer etc.) for this kind of thing.

    Makes sense, I'm not too familiar with virtualization so I just wanted something simple to get my feet wet. I'll look into it for my final configuration of this network.

    Thanks again for the help!
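
The overlapping-subnet problem discussed in this thread can be checked offline. The following is an added example, not code from any poster or from pfSense: it flags WAN interfaces whose connected subnets overlap and computes the longest mask that still keeps each gateway on-link. The addresses are constructed (RFC 5737 documentation range), and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample config (documentation addresses, not the poster's values):
# both WANs use a /24 in the same subnet, the situation described in the thread.
WANS = {
    "WAN1": {"ip": "192.0.2.10", "prefix": 24, "gateway": "192.0.2.1"},
    "WAN2": {"ip": "192.0.2.130", "prefix": 24, "gateway": "192.0.2.129"},
}

def network_of(cfg):
    """Connected subnet implied by an interface address and prefix length."""
    return ipaddress.ip_interface(f"{cfg['ip']}/{cfg['prefix']}").network

def find_overlaps(wans):
    """Return pairs of interface names whose connected subnets overlap."""
    return [(a, b) for a, b in combinations(sorted(wans), 2)
            if network_of(wans[a]).overlaps(network_of(wans[b]))]

def longest_usable_prefix(cfg):
    """Longest mask (up to /30) that still keeps the gateway on-link."""
    ip = ipaddress.ip_address(cfg["ip"])
    gw = ipaddress.ip_address(cfg["gateway"])
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_interface(f"{ip}/{prefix}").network
        reserved = {net.network_address, net.broadcast_address}
        # Neither the interface nor the gateway may be the network/broadcast address.
        if gw in net and not {ip, gw} & reserved:
            return prefix
    raise ValueError("no IPv4 prefix puts the gateway on-link")

def tighten(wans):
    """Copy of the config with each WAN narrowed to its longest usable mask."""
    return {name: {**cfg, "prefix": longest_usable_prefix(cfg)}
            for name, cfg in wans.items()}

if __name__ == "__main__":
    print("overlaps as configured:", find_overlaps(WANS))
    fixed = tighten(WANS)
    for name, cfg in fixed.items():
        print(name, network_of(cfg))
    print("overlaps after tightening:", find_overlaps(fixed))
```

If overlaps remain after tightening, the two uplinks genuinely share a subnet and a longer mask alone will not separate them.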

