Multi-WAN with 1 WAN interface and two gateways
-
I have a pfSense server with 1 LAN, 1 OPT, and 1 WAN interface. On the WAN side I have two different IPs on the same subnet that lead to different ways out to the internet. Here is what I have done so far.
- Added gateways for both gateway servers (gateway 1 and gateway 2)
- Created a routing group called “Outbound” with both gateways in it
- Changed my LAN firewall rule to have my Gateway set to “Outbound”
While both gateways are up, this pfSense server sends data to gateway 2, which is what I would expect, as gateway 1 has a lot of data going through it already and the RTT is higher than gateway 2. My issue is that if gateway 2 reboots, the clients on the LAN have everything stop working until gateway 2 comes back up. I would expect that when gateway 2 fails the pfSense server would go to gateway 1. To give a little more specifics, I will give you some IPs to try to explain.
- pfSense LAN - 172.16.1.1
- pfSense WAN - 192.168.1.5
- Gateway 1 - 192.168.1.1
- Gateway 2 - 192.168.1.7
One thing I have noticed is when I look under WAN under Interfaces I have a default gateway and it is not "Outbound". If I try to take out the gateway from the WAN interface, all traffic stops.
Anyone have any thoughts on what I might be able to do to fix this?
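For readers trying to reason about what the "Outbound" group should do when one member drops, here is a small Python model of pfSense-style gateway-group selection (tiers, monitor status, round-robin within a tier). It is an added illustration using the addresses from the post, not pfSense's own code; the loss/latency thresholds are assumed values, not pfSense defaults.

```python
"""Model of a pfSense-style gateway group choosing a member (added illustration,
not pfSense code). Assumes the documented behaviour: the lowest tier with an
online member is used and equal-tier members are rotated; the loss/latency
thresholds below are assumed, not pfSense defaults."""
from dataclasses import dataclass
from itertools import cycle


@dataclass
class Gateway:
    name: str
    ip: str
    tier: int
    rtt_ms: float = 0.0      # latest monitor round-trip time
    loss_pct: float = 0.0    # latest monitor packet loss
    reachable: bool = True   # monitor currently getting replies

    def online(self, max_rtt_ms=500.0, max_loss_pct=20.0):
        """Monitor verdict: marked down if unreachable or a threshold is exceeded."""
        return self.reachable and self.rtt_ms <= max_rtt_ms and self.loss_pct <= max_loss_pct


def select_gateways(group):
    """Online members of the lowest tier that has any; empty list if all are down."""
    for tier in sorted({g.tier for g in group}):
        up = [g for g in group if g.tier == tier and g.online()]
        if up:
            return up
    return []


def next_hop(group, n):
    """IPs chosen for n new connections, round-robin over the selected members."""
    members = select_gateways(group)
    if not members:
        return []
    rr = cycle(members)
    return [next(rr).ip for _ in range(n)]


# Constructed state using the thread's addresses: both gateways in one tier.
gw1 = Gateway("gateway 1", "192.168.1.1", tier=1, rtt_ms=40.0)
gw2 = Gateway("gateway 2", "192.168.1.7", tier=1, rtt_ms=5.0)
outbound = [gw1, gw2]

if __name__ == "__main__":
    print("both up:", next_hop(outbound, 4))
    gw2.reachable = False   # gateway 2 reboots
    print("gateway 2 down:", next_hop(outbound, 4))
```

Putting gateway 1 in a higher tier (tier 2) instead of the same tier turns the group from load balancing into pure failover, which is the behaviour the post describes wanting.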
-
Really need to keep it to one gateway per WAN, you create all kinds of routing and return routing complications otherwise. It's doable but a mess of floating rules, being careful with reply-to, really have to know what you're doing. Putting one of the gateways on a different NIC and subnet will make things easy.
-
I do not have the NICs to make that happen. Any tips on reading up to make the 1 WAN, two gateways setup work?
-
There isn't any documentation on that. Short of learning everything about PF's route-to and reply-to. You're in for a ton of work. Even at that, it's not possible to fully address. Put in a small VLAN-capable switch and save yourself a huge amount of trouble.