Multi-WAN Router - but certain traffic (VoIP) restricted to one WAN link?



  • Hi,

    We have a Mars II routing box with pfSense 2.1 installed on it.

    We have two ADSL2+ modems connected into it.

    Previously, we were using gateway groups to load-balance between the two modems. However, we found this caused issues for VoIP phones connected through pfSense, as they couldn't deal with the switchover.

    We've now changed the gateway group so that it uses one modem, and only fails-over to the other one.

    However, we'd like to use the load-balancing if we could.

    Is there some way in pfSense to easily set up some kind of routing rules so that the VoIP is locked specifically to one WAN connection, and other traffic goes through a load-balanced gateway group?

    Can you do this by automatically tagging the VoIP traffic somehow, or do you need to set up VLANs, or specific IP ranges?

    Cheers,
    Victor



  • Hello,

    If you create a separate VLAN for your VoIP phones, on the firewall rules change the gateway on the default out rule to a specific VLAN. Also, if you are running pfSense 2.1, enable the reset states on gateway failure; this will force your SIP trunks to re-register using the new gateway.

    ;D



  • @victorhooi:

    Is there some way in pfSense to easily set up some kind of routing rules so that the VoIP is locked specifically to one WAN connection, and other traffic goes through a load-balanced gateway group?

    Can you do this by automatically tagging the VoIP traffic somehow, or do you need to set up VLANs, or specific IP ranges?

    Cheers,
    Victor

    That should be one of the easy tasks… you can set up 2 different "modes":

    • use gw group for loadbalancing of normal traffic, use only gateway x for VoIP traffic

    • create 2 gateway groups,

      • one for loadbalancing (gw x/y same tier1)

      • one for VoIP failover (gw x as tier1, gw y as tier2)

    Then you need to set up LAN firewall rules which fit your VoIP traffic and your other traffic…
    You can detect your VoIP traffic in different ways:
    a) all traffic which goes to IP a.b.c.d / network a.b.c.d/x
    b) all traffic which is UDP, Port 5060 for SIP and Port xx - yy for RTP media (Asterisk-based PBXs often use 10.000-20.000 for it, 4.000-4.999 for T.38)
    c) all traffic which comes from local IPs (phone1, phone2, ... phoneN)

    But nicer and a little more "secure" would be to set up its own VLAN for your phone network and then route it with one rule ;)
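As an added illustration (not part of any post in this thread), the rule ordering described above looks roughly like this in plain pf.conf syntax, combining matches (b) and (c). pfSense generates its own ruleset from the GUI; the interface names, gateway addresses, LAN subnet and phone addresses here are all assumed placeholders.

```conf
# Added example, not pfSense's generated ruleset. All names and addresses are placeholders.
lan_if  = "em1"
lan_net = "192.168.1.0/24"
wan1_if = "em0"            # modem x
wan1_gw = "192.0.2.1"
wan2_if = "em2"            # modem y
wan2_gw = "198.51.100.1"

# Match (c): the phones' local addresses.
table <phones> { 192.168.1.50, 192.168.1.51 }

# Rule 1: VoIP is pinned to WAN1. Match (b) is applied on top of (c):
# SIP on 5060, RTP on 10000-20000 and T.38 on 4000-4999, all UDP.
# "quick" stops evaluation here, so this traffic never reaches rule 2.
# Limiting the source to <phones> keeps other LAN hosts from picking
# the pinned path just by using these ports.
pass in quick on $lan_if \
    route-to ($wan1_if $wan1_gw) \
    inet proto udp from <phones> to any \
    port { 5060, 10000:20000, 4000:4999 } keep state

# Rule 2: everything else from the LAN is spread across both modems,
# one gateway chosen per new state (both gateways in the same tier).
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    inet from $lan_net to any keep state

# Failover of the VoIP path (x as tier 1, y as tier 2) is not expressed
# in this static fragment; in pfSense that is the job of the second
# gateway group selected on rule 1.
```

The order is the point: with the load-balanced rule first, VoIP packets would match it and be balanced like everything else.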