Netgate Discussion Forum

    Multi-WAN and router traffic clarification

    • Wizo

      Hi everybody,

      I need clarification about how traffic that originates from pfSense itself (for example, an OpenVPN connection) is managed.

      In a setup with two WAN interfaces without gateway and policy-based routing, I can ping the remote site from a LAN computer, but if I try to ping from pfSense's shell (via SSH) I get "no route to host". Indeed, the two OpenVPN client connections configured on the same machine are not working.

      Keeping in mind that I need policy routing for splitting VPN connections and a Failover Group for giving internet access to LAN computers, do I have to set up two different machines (MultiWAN access and VPN routing), or is there a way to have a working configuration on a single pfSense?

      Thanks in advance

      • Wizo

        Since no one has replied, I believe it is not possible to have everything on a single machine, due to how pf itself works.

        • phil.davis

          If you have no default gateway, then the ordinary routing table will have no route to "general public internet", so ping from pfSense itself will not work.
          The traffic arriving on LAN, if it matches a policy route that feeds it into a gateway or gateway group will work - it is specifically sent on a particular route, not to the ordinary routing table.
          If you have multiple VPN links that connect to VPN servers in various places and you want to use those pipes for various traffic to get to the internet, then you should be able to put rules on LAN that match the traffic you want and feed it to the appropriate VPN gateway. You do need to assign an interface to each VPN to do this.
          Give detail of what you want to do and I expect it can be done.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
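
A small model of the behaviour described in the reply above, as an added example that is not part of the original thread: traffic from the firewall itself is resolved against the ordinary routing table, while LAN traffic that matches a policy rule is handed straight to that rule's gateway. The addresses, the gateway names `VPNPRY_GW` and `WAN_FAILOVER`, and the rule set are constructed for illustration and are not taken from the poster's configuration.

```python
import ipaddress

# Constructed routing table: connected networks only, no default route.
ROUTES = {
    "192.168.1.0/24": "lan",
    "198.51.100.0/30": "wan1",
    "203.0.113.0/30": "wan2",
}

# Constructed LAN policy rules (source net, destination net, gateway).
# First match wins, as with firewall rules on an interface.
POLICY_RULES = [
    ("192.168.1.0/24", "10.20.0.0/16", "VPNPRY_GW"),
    ("192.168.1.0/24", "0.0.0.0/0", "WAN_FAILOVER"),
]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match; None models 'no route to host'."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def forward(src, dst, arrived_on_lan, routes=ROUTES):
    """Return the gateway/interface a packet leaves by, or None."""
    if arrived_on_lan:
        s_addr = ipaddress.ip_address(src)
        d_addr = ipaddress.ip_address(dst)
        for s_net, d_net, gateway in POLICY_RULES:
            if (s_addr in ipaddress.ip_network(s_net)
                    and d_addr in ipaddress.ip_network(d_net)):
                return gateway  # policy route: routing table is not consulted
    # Firewall-originated traffic (ping from the shell, an OpenVPN client)
    # and unmatched traffic fall through to the routing table.
    return route_lookup(dst, routes)


if __name__ == "__main__":
    print("LAN PC -> 8.8.8.8:", forward("192.168.1.10", "8.8.8.8", True))
    print("firewall -> 8.8.8.8:", forward("198.51.100.1", "8.8.8.8", False))
    with_default = dict(ROUTES, **{"0.0.0.0/0": "wan1"})
    print("firewall, default set:",
          forward("198.51.100.1", "8.8.8.8", False, with_default))
```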

          • Wizo

            Thank you for the reply, phil.davis,

            I have attached diagrams of the system that I'm trying to build: the two-pfSense configuration works, the one-pfSense configuration does not work.

            PFS POS has two WAN interfaces (WAN1, WAN2) in a failover group and two VPN connections (VPNPRY, VPNBCK) to the headquarters office.

            The PC has "PFS POS" as its default gateway and must use it for internet navigation and for communication with the HQ Server (via VPN); VPN routing is managed by Quagga OSPF and I need to have VPNPRY on WAN1 and VPNBCK on WAN2.

            twoPFSenseWork.png
            onePFSenseNotWork.png
