Load balancer - it's not handling the vpn packets properly



  • Dear friends!

I'm using pfsense as a firewall + Dual WAN router with a leased line connection (WAN) and an ADSL connection (OPT1). My ADSL is not static. It works fine but I have a few problems.

    1.  I can connect to remote VPN servers but not always >:(
    2.  When I log into a remote website forum it disconnects frequently and takes me to the log-in page - I think I have a session problem on it; the session is not being held.
    3.  I can't connect to mysql through it

    Can I solve this problem by using only one connection for the above usage? (Probably I can ask the balancer to use only WAN for VPN.) But still I don't know how to do it since I'm new to pfsense.

    Kindly help me to solve this.
    Thanks much!

    Manjula



  • 1:
    http://forum.pfsense.org/index.php/topic,7001.0.html

    If you are using MultiWAN and your local LAN should be able to connect to the clients connecting to your network:
    You need to have a rule above your default rule (which has the loadbalancer as gateway)
    with destination your VPN-subnet and as gateway the default gateway (displayed as *), NOT the loadbalancer.

    2:
    advanced -> sticky connection.
    But i remember reading somewhere about a problem with this feature.
    Search the forum for more answers.

    3:
    What do you mean with that? Do you want to connect to a database outside?



  • Thanks Gruens!

    This is my fault, I haven't followed pfsense's instructions properly. I could solve this problem with the guide here: http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_Load_Balancing_pools

    Manjula

    Setting up for protocols that don't like load balancing

    Some sites (for example banking sites) get upset when requests from a single session come from different IP addresses. To avoid this, protocols that are likely to suffer from load balancing are set up to favour one connection.

    Note that use of the sticky bit (see above) should avoid this issue. If you are not using sticky bit, you definitely need this.

    For each protocol that needs to be handled this way you need a rule on the LAN interface; the sample below is for https (port 443). The values marked in bold are the ones that change for different protocols (the bold markup is lost here: they are the Destination port range and the Description).

    These rules need to be above the final load balancing rule, and below the rules for DMZ access.

    | Parameter              | Value                                                  |
    |------------------------|--------------------------------------------------------|
    | Action                 | Pass                                                   |
    | Disabled               | unchecked                                              |
    | Interface              | LAN                                                    |
    | Protocol               | TCP                                                    |
    | Source: not            | unchecked                                              |
    | Source: type           | LAN subnet                                             |
    | Source OS              | Any                                                    |
    | Destination: not       | unchecked                                              |
    | Destination: type      | any                                                    |
    | Destination port range | HTTPS                                                  |
    | Log                    | checked initially; uncheck when known to be working    |
    | Gateway                | WAN1FailsToWAN2 - or WAN2FailsToWAN1 as you prefer     |
    | Description            | Route https through one working connection             |

    Other entries you are likely to need are SSH and POP3. For these just replace HTTPS in bold above with the protocol you require, and amend the description.
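    The point in both Gruens' reply and the quoted doc section is rule order: pfSense evaluates LAN rules top to bottom and the first match picks the gateway, so a per-protocol rule placed below the final load-balancing rule never fires. The model below is an added example, not pfSense code; the subnets, gateway names and rule descriptions are constructed for illustration, and the shadowing check flags exactly that misordering.

```python
from ipaddress import ip_address, ip_network

# Constructed LAN rule table modelled on the thread. "*" is the default
# gateway as in Gruens' reply; "LoadBalancer" is the pool on the final rule.
# Subnets and gateway names are assumptions for this example.
RULES = [
    {"desc": "DMZ access",           "dst": "192.168.50.0/24", "port": None, "gateway": "*"},
    {"desc": "VPN subnet direct",    "dst": "10.8.0.0/24",     "port": None, "gateway": "*"},
    {"desc": "Route https one link", "dst": "0.0.0.0/0",       "port": 443,  "gateway": "WAN1FailsToWAN2"},
    {"desc": "Default load balance", "dst": "0.0.0.0/0",       "port": None, "gateway": "LoadBalancer"},
]


def matches(rule, dst_ip, dst_port):
    """A rule matches when the destination address and (if set) port agree."""
    in_net = ip_address(dst_ip) in ip_network(rule["dst"])
    port_ok = rule["port"] is None or rule["port"] == dst_port
    return in_net and port_ok


def pick_gateway(rules, dst_ip, dst_port):
    """First-match evaluation, the way pfSense walks interface rules."""
    for rule in rules:
        if matches(rule, dst_ip, dst_port):
            return rule["gateway"]
    return None  # nothing matched: pfSense's implicit default deny


def shadowed_rules(rules):
    """Descriptions of rules that can never match because an earlier rule
    already covers every destination and port they would match."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            wider_net = ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))
            wider_port = earlier["port"] is None or earlier["port"] == later["port"]
            if wider_net and wider_port:
                out.append(later["desc"])
                break
    return out


if __name__ == "__main__":
    print(pick_gateway(RULES, "203.0.113.10", 443))   # WAN1FailsToWAN2
    print(pick_gateway(RULES, "10.8.0.5", 443))       # * (VPN subnet, default gateway)
    misordered = [RULES[0], RULES[1], RULES[3], RULES[2]]
    print(shadowed_rules(misordered))                 # ['Route https one link']
```

    Run the shadowing check against your own rule table whenever a per-protocol rule seems to have no effect; a rule listed as shadowed sits below the load-balancing rule and must be moved up.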

