Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi-WAN Router - but certain traffic (VoIP) restricted to one WAN link?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      victorhooi
      last edited by

      Hi,

      We have a Mars II routing box with pfSense 2.1 installed on it.

      We have two ADSL2+ modems connected into it.

      Previously, we were using gateway groups to load-balance between the two modems. However, we found this caused issue for VoIP phones connected through pfSense, as they couldn't deal with the switchover.

      We've now changed the gateway group so that it uses one modem, and only fails-over to the other one.

      However, we'd like to use the load-balancing if we could.

      Is there some way in pfSense to easily setup some kind of routing rules so that the VoIP is locked specifically to one WAN connection, and other traffic goes through a load-balanced gateway group?

      Can you do this by automatically tagging the VoIP traffic somehow, or do you need to setup VLANs, or specific IP ranges?

      Cheers,
      Victor

      1 Reply Last reply Reply Quote 0
      • G
        galaxy60
        last edited by

        Hello,

        If you create a seperate VLAN for your VoIP phones on the firewall rules change the gateway on the default out rule to a specific VLAN also if you are running pfSense 2.1 enable the reset states on gateway failure this will force your SIP trunks to re register using the new gateway.

        ;D

        1 Reply Last reply Reply Quote 0
        • R
          Reiner030
          last edited by

          @victorhooi:

          Is there some way in pfSense to easily setup some kind of routing rules so that the VoIP is locked specifically to one WAN connection, and other traffic goes through a load-balanced gateway group?

          Can you do this by automatically tagging the VoIP traffic somehow, or do you need to setup VLANs, or specific IP ranges?

          Cheers,
          Victor

          that should be one of the easy tasks… you can setup 2 different "modes"

          • use gw group for loadbalancing of normal traffic, use only gateway x for VoIP traffic

          • create 2 gateway groups,

            • one for loadbalancing (gw x/y same tier1)

            • one for VoIP failover (gw x as tier1, gw y as tier2)

          Then you need to setup LAN firewall rules which fits your VoIP traffic and your other traffic…
          You can detect your VoIP traffic in different ways.
          a) all traffic which goes to IP a.b.c.d / network a.b.c.d/x
          b) all traffic which is UPD, Port 5060 for SIP and Port xx - yy for RTP media  (Asterisk based PBX uses often 10.000-20.000 for it, 4.000-4.999 for T.38)
          c) all traffic which comes from local IPs (phone1, phon2, ... phoneN)

          but nicer and a little more "secure" would be to setup an own VLAN for your phone network and then route it with one rule ;)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.