MultiWan and static routes

ethermcman

Hello,
I'm configuring a multiwan pfsense which works when a gateway fall down or get high latency.
But for access some specifics IP, I have to route them to a CISCO VPN gateway which resides on LAN.
The pfsense box is correctly routed but lan computers not.
Any ideas?

ethermcman

I've forgotten the auto-added policy routing negation rule…
So,
I added a LAN rule like follows:
source any dest myspecificsips gw default
I placed it at first rank
But it's a no go...

jimp

The rule without a gateway set should be all you need.

Though be careful, especially with ping, that no connection states are left over from the old connection (either reset states or search/delete on Diag > States) or else it'll keep going the way it was going before.

ethermcman

Still no luck…
I'm using sticky connection, bypass firewall rules for traffic on same interface, allow default gateway switching from the advanced panel tweak.
NAT was left as is, outbound generation on automatic.
I'm quiet lost...
Here my firewall rules


ethermcman

What I've tested:

• disable bypass for traffic on same interface > packets to my local gateway are evaluated now by the firewall
• disable sticky connections > no more holded states
• disable the firewall rule that passes all traffic to the multi wan and set it o default gateway > that way it worked but I think it's supposed to do so
• created a floating rule with quick option that passes my static routed destinations to the local gateway > no way > firewall log shows me that it has handled the connection but tracert is still wrong
• change automatic outbound to manual and leave rules as is > no go

I'm completly lost…

ethermcman

My actual version
Version 2.1-BETA1 (amd64)
built on Thu Apr 11 17:01:45 EDT 2013
FreeBSD pf-mgw.rminformatique.local 8.3-RELEASE-p7 FreeBSD 8.3-RELEASE-p7 #1: Thu Apr 11 17:39:23 EDT 2013 root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64

ethermcman

My bad!!! ;D
I've left protocol to TCP in my "routed rule"….
Now it's correctly routed!

But now, I'm facing a new trouble : RDP connections get disconnected after 30 seconds or less and so on for Citrix connections...
Any ideas?

Thanks for any help!

ethermcman

Upload files from a web browser too…
The cut window is about 30 seconds.
I can't get it work properly.

Any ideas?

ethermcman

Here my current configuration:

• WAN 1 PPPoE
• WAN 2 Static
• WAN 3 Static
• Multi Wan group with high latency + packet loss
• LAN subnet 192.168.1.0/24
• LAN Gateway 192.168.1.13
• routed network 194.5.132.0/24

Firewall rules:

• pass any to any any_proto to defaultgw > static routes
• pass all Lan subnet traffic to the MultiWan > all the rest

NAT :

• port forward = empty
• 1:1 = empty
• outbound = manual outbond with defaults rules generated

Advanced:

• sticky connections activated, value 0
• allow default gateway switching
• bypass firewall rules for traffic on the same interface

That's all…
Connections get reseted after 30 secs all protocols : RDP, HTTP, FTP, HTTPS

Advices?

ethermcman

Hi guys,
I know that a forum is not a hotline or paid support or whatever but 116 views and just one answer, how can I say it? Weird?
If someone have some piece of humankind or charity or maybe some pfsense skills that I in my situation don't have, can he spread a line here?
I don't what to think, a bug, a misconfiguration but some help would be really appreciated.

Thanks!