Pfsense and wireless router having problems with https



  • Greetings all,

    I have a pfSense 1.2.3 router set up to handle my 5 incoming connections (3 cable, 1 wireless, 1 DSL) in a load balancing failover routine. Connected to the system is a Linksys wireless router to handle the wireless clients in my office and to go out of my links to the internet.

    The network is set up as a 10.1.1.x/24 layout with the wireless router given an IP of 10.1.1.9 plugged into the wired internet port of the router and the switch with nvlan tagging turned on.

    We can get to the internet through the wireless AP as well as access any and all resources on the LAN through it. The router scheme is 10.1.2.x/24 with DHCP turned on for the wireless clients.

    The problem that we are experiencing is the fact that when we go to HTTPS sites and log in, the sites immediately dump from logged in to re-log in. Sites like Vonage and other secure sites are acting like the HTTPS isn't there and that the requests to log in aren't valid, even though it takes them at first and then, on changing the page, the website requires us to log in again. Under the pfSense rules 443 is enabled and allowed for the wireless IP of 10.1.1.9 and it is basically unfiltered by pfSense for access.

    Any ideas what could be causing this?

    I have tried it with every browser (Firefox, IE, Chrome) and 3 different wireless devices on the network and they are all creating the same problem.

    I am thinking that because we are in a round robin and failover routine that the IP address for each request is changing and it's confusing the websites so they don't understand the sessions, and since the IPs are different that it is requiring a re-login each time because that IP is no longer associated to the session?

    Thanks
    John



  • +1


  • Rebel Alliance Developer Netgate

    Your last point was correct. Some sites enforce an IP:login relationship. If you load balance HTTPS, then those sites will fail if any part of the connection goes across the "wrong" wan.

    Use a failover group for HTTPS instead of load balancing, or perhaps try enabling sticky connections under System > Advanced on the Misc tab under Load Balancing.


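The behaviour described in the answer above can be reproduced in a small simulation, added here as an illustration (it is not code from the thread or from pfSense). It models a hypothetical site that binds a login to the source IP and compares three simplified gateway-selection policies; the WAN addresses, class and function names are all constructed for the example.

```python
from itertools import cycle

# Constructed sample data: documentation-range addresses standing in for WAN IPs.
WANS = {"wan1": "198.51.100.10", "wan2": "203.0.113.20", "wan3": "192.0.2.30"}


class Site:
    """Hypothetical site that ties a login session to the client's source IP."""

    def __init__(self):
        self.sessions = {}  # cookie -> public IP seen at login

    def login(self, cookie, src_ip):
        self.sessions[cookie] = src_ip

    def request(self, cookie, src_ip):
        # The session is honoured only from the IP that created it.
        return self.sessions.get(cookie) == src_ip


def round_robin():
    """Simplified model: each new connection leaves via the next WAN in turn."""
    order = cycle(WANS)
    return lambda client, up: next(w for w in order if w in up)


def sticky():
    """Simplified model: a LAN source keeps its first WAN while that WAN is up."""
    order, table = cycle(WANS), {}
    def pick(client, up):
        if table.get(client) not in up:
            table[client] = next(w for w in order if w in up)
        return table[client]
    return pick


def failover():
    """Simplified model: always the highest-priority WAN that is up."""
    return lambda client, up: next(w for w in WANS if w in up)


def logged_in_ratio(policy, requests=6, client="10.1.1.9", up=frozenset(WANS)):
    """Log in once, then count how many follow-up requests the site accepts."""
    if not up:
        raise ValueError("no WAN is up")
    site, pick = Site(), policy()
    site.login("cookie-1", WANS[pick(client, up)])
    ok = sum(site.request("cookie-1", WANS[pick(client, up)]) for _ in range(requests))
    return ok, requests
```

With three WANs, round robin keeps the session on only every third request, while the sticky and failover policies present one public IP for the whole session. The client key `10.1.1.9` is the source address the firewall sees in the original post, so a per-source sticky mapping pins every wireless client behind the Linksys to the same WAN.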