MultiWan and static routes

ethermcman · Apr 17, 2013, 1:30 PM

Hello,
I'm configuring a multiwan pfsense which works when a gateway fall down or get high latency.
But for access some specifics IP, I have to route them to a CISCO VPN gateway which resides on LAN.
The pfsense box is correctly routed but lan computers not.
Any ideas?

ethermcman · Apr 17, 2013, 3:08 PM

I've forgotten the auto-added policy routing negation rule…
So,
I added a LAN rule like follows:
source any dest myspecificsips gw default
I placed it at first rank
But it's a no go...

jimp · Apr 17, 2013, 4:39 PM

The rule without a gateway set should be all you need.

Though be careful, especially with ping, that no connection states are left over from the old connection (either reset states or search/delete on Diag > States) or else it'll keep going the way it was going before.

ethermcman · Apr 18, 2013, 6:36 AM

Still no luck…
I'm using sticky connection, bypass firewall rules for traffic on same interface, allow default gateway switching from the advanced panel tweak.
NAT was left as is, outbound generation on automatic.
I'm quiet lost...
Here my firewall rules

![Sans titre.png](/public/imported_attachments/1/Sans titre.png)
![Sans titre.png_thumb](/public/imported_attachments/1/Sans titre.png_thumb)

ethermcman · Apr 18, 2013, 8:45 AM

What I've tested:

disable bypass for traffic on same interface > packets to my local gateway are evaluated now by the firewall
disable sticky connections > no more holded states
disable the firewall rule that passes all traffic to the multi wan and set it o default gateway > that way it worked but I think it's supposed to do so
created a floating rule with quick option that passes my static routed destinations to the local gateway > no way > firewall log shows me that it has handled the connection but tracert is still wrong
change automatic outbound to manual and leave rules as is > no go

I'm completly lost…

ethermcman · Apr 18, 2013, 9:31 AM

My actual version
Version 2.1-BETA1 (amd64)
built on Thu Apr 11 17:01:45 EDT 2013
FreeBSD pf-mgw.rminformatique.local 8.3-RELEASE-p7 FreeBSD 8.3-RELEASE-p7 #1: Thu Apr 11 17:39:23 EDT 2013 root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64

ethermcman · Apr 18, 2013, 12:52 PM

My bad!!! ;D
I've left protocol to TCP in my "routed rule"….
Now it's correctly routed!

But now, I'm facing a new trouble : RDP connections get disconnected after 30 seconds or less and so on for Citrix connections...
Any ideas?

Thanks for any help!

ethermcman · Apr 18, 2013, 2:34 PM

Upload files from a web browser too…
The cut window is about 30 seconds.
I can't get it work properly.

Any ideas?

ethermcman · Apr 18, 2013, 2:50 PM

Here my current configuration:

WAN 1 PPPoE
WAN 2 Static
WAN 3 Static
Multi Wan group with high latency + packet loss
LAN subnet 192.168.1.0/24
LAN Gateway 192.168.1.13
routed network 194.5.132.0/24

Firewall rules:

pass any to any any_proto to defaultgw > static routes
pass all Lan subnet traffic to the MultiWan > all the rest

NAT :

port forward = empty
1:1 = empty
outbound = manual outbond with defaults rules generated

Advanced:

sticky connections activated, value 0
allow default gateway switching
bypass firewall rules for traffic on the same interface

That's all…
Connections get reseted after 30 secs all protocols : RDP, HTTP, FTP, HTTPS

Advices?

ethermcman · Apr 19, 2013, 6:24 AM

Hi guys,
I know that a forum is not a hotline or paid support or whatever but 116 views and just one answer, how can I say it? Weird?
If someone have some piece of humankind or charity or maybe some pfsense skills that I in my situation don't have, can he spread a line here?
I don't what to think, a bug, a misconfiguration but some help would be really appreciated.

Thanks!