MultiWAN with 2 X PF LAN CARP HA and 2 X ADSL Modem for WANS - possible?
-
We would like to run 2 X PF boxes in H/A with CARP on the LAN side, with MultiWAN over 2 X ADSL Modems using PPPoA/PPPoE.
If we weren't H/A it would simply be a matter of connecting each DSL modem to WAN1 and WAN2 interface on the one PF box and job done.
With two PF boxes, as we are using modems with PPPoA/PPPoE - we have to connect one modem directly to PF1 and the other directly to PF2.
However as we are H/A using CARP - PF1 is master, and PF2 is backup with regards to the LAN gateways VIP IP.
In this setup - I don't think it would be possible to get multi WAN routing people from the LAN on PF1 to WAN2 on PF2. Likewise, if PF1 failed and the VIPs switch to PF2, users would not be able to get out via WAN1 on PF1, only WAN2 on PF2. If it worked, it wouldn't be stateful surely?
We have replaced the ADSL modems with ADSL routers, we send the ADSL routers' LAN to a new WAN CARP VIP shared between PF1 and PF2, and this works fine, however now we have double NAT going on.
Does anyone know if there is any clean way you can do H/A & MultiWAN using PPPoE Modems like this?
I have configured this before in 100% ethernet environments and it's simple - the problem is PPP and the physical connection required to the PF box.
Cheers,
JD
-
Did you ever sort this out? I have been searching for a similar thread. We are replacing two Cisco units with 2 pfSense and have one Cable and one DSL WAN available.
I initially was going to put Cable to one pf and DSL to the other. But then tried putting a switch between both modems and ran a connection to each pf from each modem to use a gateway group. But now how will the second pf handle the DSL connection?
-
We have this running for years now.
Keep in mind that you need a subnet on both the cable and DSL (only 1 IP will not work with CARP, you need at least 3).
Our cable is faster than the DSL, so I have set up just a gateway switch, when cable is down it switches to DSL (gateway groups).
So if your cable and DSL have a subnet, you can connect them both to both pfSense.