Two ADSL connections separate buildings
-
Dig trenches and lay fiber. 9000 times better in so many ways. I have done it both ways, and fiber is so much better.
You CAN do the VLAN approach. Over Wireless links, it's simply going to stink, IME. You claim to have good links, perhaps you will be happy enough with it.
OK, You don't grasp the VLAN approach. No shame in that. It's kind of an odd idea to get your head around the first time.
A VLAN Switch can divide up its ports into "Virtual LANS" - identified by number.
So, a VLAN switch at the third building would have most of its ports as the default LAN (say, VLAN 1) and a port as the second WAN (say, VLAN 97).
Then the port that is connected to the wireless link would be assigned to both 1 and 97, and packets leaving that port would be "Tagged" - identified by which VLAN they are associated with. The other ports would typically be "Untagged", with VLAN information removed from packets.
The switch in the second building would have two "Tagged" ports - one for the link to third, one for the link to first.
The switch in the first building would have a "Tagged" port for the link to second, and an untagged port on VLAN 97 for connection to a second WAN interface on your PFSense - or a tagged port for VLAN97 and VLAN 42, if VLAN 42 is connected to the first building WAN, and you are using VLAN in the pfsense (potentially confusing - basically there are several options that work, depending how you set it up.)
In all three buildings, the LAN is on VLAN1.
The VLANs act as "virtual wires" to get the WAN connection over your links and through your switches, while the LAN traffic is also travelling over the same links, without the two interacting (other than they will both take up link space.) VLANs primarily depend on the network switches, which have to be VLAN aware, or capable. Most "managed" switches are. Unmanaged switches are not. If you don't have managed switches, you'll need to buy some.
If I have the two switches set up in this way in both buildings, do I need to configure pfSense in any way? Or just plug the cable for the VLAN with the modem connection directly into the pfSense WAN NIC? Will pfSense be blind to this and just basically see a straight connection to the modem in the other building?
-
It depends how many ports you have in the pfSense box. If you have spare NICs you can do all the VLAN configuration in your switches and the pfSense box will just see it as a cable directly to the modem. If you don't have spare NICs you can bring all the VLAN traffic into the pfSense box and separate it to different interfaces in software.
Steve
-
> The switch in the first building would have a "Tagged" port for the link to second, and an untagged port on VLAN 97 for connection to a second WAN interface on your PFSense

> If I have the two switches set up in this way in both buildings, do I need to configure pfSense in any way? Or just plug the cable for the VLAN with the modem connection directly into the pfSense WAN NIC? Will pfSense be blind to this and just basically see a straight connection to the modem in the other building?

Yes, if set up the way I left in this quote snippet - two physical WAN interfaces on the pfsense. All the VLAN stuff handled in the switches in this case.
pfsense is VLAN aware (NIC must also be VLAN aware/capable) so it can also be done as I added to be complete, with the caveat that it could be confusing:
> - or a tagged port for VLAN97 and VLAN 42, if VLAN 42 is connected to the first building WAN, and you are using VLAN in the pfsense (potentially confusing - basically there are several options that work, depending how you set it up.)

Here you have, on switch one (numbers are just to have some concrete numbers - the particular numbers don't have any special meaning), the building 1 WAN connected to a switch port on VLAN 42, and the pfsense WAN port connected to a tagged port that's on both 97 and 42. In the pfsense you assign 97 to WAN2 and 42 to WAN1. The pfsense is then connected to both WANs, but over a single wire. In general, I'd prefer the two physical NICs approach unless the pfsense could not hold another NIC - it provides a little bit of redundancy from NIC or cable failure - but it's not that much, really.
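
An added illustration, not part of the thread: a small Python model of the tagged/untagged port behaviour described above, using the thread's example numbers (VLAN 1 for LAN, VLAN 97 for the second WAN). The port names, the sample frame, and the rule that access ports drop already-tagged frames while trunks drop untagged ones are assumptions of this model; real switches vary by configuration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame, vid):
    """Insert the 4-byte 802.1Q tag after the 12 bytes of dst + src MAC."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def untag(frame):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

class Switch:
    def __init__(self, ports):
        # ports: name -> ("access", vid) or ("trunk", {allowed vids})
        self.ports = ports

    def forward(self, in_port, frame):
        """Flood a frame; return {out_port: frame as seen on that wire}."""
        mode, cfg = self.ports[in_port]
        vid, inner = untag(frame)
        if mode == "access":
            if vid is not None:
                return {}            # assumption: access ports drop tagged frames
            vid = cfg                # untagged ingress is classified by the port
        elif vid not in cfg:
            return {}                # untagged, or VLAN not carried on this trunk
        out = {}
        for name, (m, c) in self.ports.items():
            if name == in_port:
                continue
            if m == "access" and c == vid:
                out[name] = inner              # tag stripped on egress
            elif m == "trunk" and vid in c:
                out[name] = tag(inner, vid)    # tag kept on the inter-building link
        return out

TRUNK = ("trunk", {1, 97})
B3 = Switch({"lan": ("access", 1), "modem": ("access", 97), "to_b2": TRUNK})
B2 = Switch({"lan": ("access", 1), "to_b3": TRUNK, "to_b1": TRUNK})
B1 = Switch({"lan": ("access", 1), "wan2": ("access", 97), "to_b2": TRUNK})

# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 ethertype.
FRAME = bytes.fromhex("ffffffffffff" "020000000097" "0800") + b"constructed payload"

def building3_to_building1(in_port, frame):
    """Carry a frame from building 3 over both links; return (link frame, B1 egress)."""
    hop1 = B3.forward(in_port, frame)["to_b2"]
    hop2 = B2.forward("to_b3", hop1)["to_b1"]
    return hop1, B1.forward("to_b2", hop2)
```

A frame entering on the building 3 modem port comes out only on the building 1 `wan2` port, untagged, which is why pfSense with a spare NIC sees what looks like a cable straight to the modem.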
-
Considering fiber, managed switches and VLANs? Smart. You will be glad you did that over wireless.