Load balancer - it's not handling the vpn packets properly
manjula:
I'm using pfSense as a firewall + dual WAN router with a leased line connection (WAN) and an ADSL connection (OPT1). My ADSL is not static. It works fine but I have a few problems.
1. I can connect to remote VPN servers but not always >:(
2. When I log into a remote website forum it disconnects frequently and takes me to the log-in page - I think I have a session problem on it; the session is not being held.
3. I can't connect to mysql through
Can I solve this problem by using only one connection for the above usage? (Probably I can ask the balancer to use only WAN for VPN.) But I still don't know how to do it since I'm new to pfSense.
Kindly help me to solve this.
GruensFroeschli:
If you are using MultiWAN and your local LAN should be able to connect to the clients connecting to your network:
You need to have a rule above your default rule (which has the loadbalancer as gateway)
with destination your VPN subnet and as gateway the default gateway (displayed as *), NOT the loadbalancer.
Advanced -> sticky connections.
But I remember reading somewhere about a problem with this feature.
Search the forum for more answers.
What do you mean with that? Do you want to connect to a database outside?
manjula:
This is my fault, I hadn't followed pfSense's instructions properly. I could solve this problem with the page here: http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_Load_Balancing_pools
Setting up for protocols that don't like load balancing
Some sites (for example banking sites) get upset when requests from a single session come from different IP addresses. To avoid this, protocols that are likely to suffer from load balancing are set up to favour one connection.
Note that use of the sticky bit (see above) should avoid this issue. If you are not using the sticky bit, you definitely need this.
For each protocol that needs to be handled this way you need a rule on the LAN interface; the sample below is for HTTPS (port 443). The values marked in bold are the ones that change for different protocols.
These rules need to be above the final load balancing rule and below the rules for DMZ access.
Source "not": unchecked
Source type: LAN subnet
Source OS: Any
Destination "not": unchecked
Destination type: any
Destination port range: HTTPS
Log: checked initially; uncheck when known to be working
Gateway: WAN1FailsToWAN2 - or WAN2FailsToWAN1 as you prefer
Description: Route https through one working connection
Other entries you are likely to need are SSH and POP3. For these just replace HTTPS in bold above with the protocol you require, and amend the description.
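The ordering rule above (VPN subnet rule and the per-protocol rules sit above the final load-balancing rule, and pfSense uses the first matching rule) is easy to get wrong. The following is an added example, not from this thread or from pfSense itself: a small first-match model of the LAN rule set with constructed subnets and flows, which shows which gateway each flow gets when the rules are in the documented order and when the HTTPS rule is mistakenly placed below the balancer rule.

```python
# Added example (not pfSense code): first-match evaluation of LAN policy-routing
# rules, to show why per-protocol rules must sit ABOVE the final balancing rule.
# LAN subnet, VPN subnet, flows and gateway names below are constructed.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")      # constructed LAN subnet
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # constructed remote VPN subnet

# Each rule: (description, destination network or None for "any",
#             destination port or None for "any", gateway name)
RULES_CORRECT = [
    ("VPN subnet via default gateway (*)", VPN_SUBNET, None, "default"),
    ("Route https through one working connection", None, 443, "WAN1FailsToWAN2"),
    ("Route SSH through one working connection", None, 22, "WAN1FailsToWAN2"),
    ("Final LAN -> any rule, gateway = load balancer", None, None, "LoadBalancer"),
]

# Same rules, but the HTTPS/SSH rules placed BELOW the balancing rule (misordered).
RULES_MISORDERED = [RULES_CORRECT[0], RULES_CORRECT[3], RULES_CORRECT[1], RULES_CORRECT[2]]

def select_gateway(rules, src_ip, dst_ip, dst_port):
    """Return the gateway of the first rule matching the flow; None if nothing matches."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in LAN:           # every rule here has source "LAN subnet"
        return None
    for _descr, dst_net, port, gateway in rules:
        if dst_net is not None and dst not in dst_net:
            continue
        if port is not None and dst_port != port:
            continue
        return gateway           # first match wins, as in pfSense
    return None

def gateway_report(rules):
    """Evaluate three constructed LAN flows against a rule set."""
    flows = {
        "vpn":   ("192.168.1.10", "10.8.0.5", 80),      # to a client on the VPN subnet
        "https": ("192.168.1.10", "203.0.113.7", 443),  # session-sensitive site
        "http":  ("192.168.1.10", "203.0.113.7", 80),   # ordinary traffic, balanced
    }
    return {name: select_gateway(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, rules in (("correct order", RULES_CORRECT), ("misordered", RULES_MISORDERED)):
        print(label, gateway_report(rules))
```

With the documented order, VPN traffic leaves via the default gateway and HTTPS via the failover pool while everything else is balanced; with the HTTPS rule below the balancer rule, it never matches and HTTPS sessions are spread over both WANs again.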