WAN PORT WITH VLANS CONNECTED TO ISP AND IP ASSIGNMENT.
I have some challenges setting up pfSense with VLANs under the WAN port and IP address assignment.
I have two internet connections to my office. I have one pfSense box with two NICs, one for the WAN port and the other for the LAN port.
I want to connect the two ISP services to the WAN port. I have therefore created two VLANs under the WAN port, connected the links coming from the ISPs into VLANs I created on a Cisco switch, and trunked them to the WAN port on pfSense, which has the two VLANs under it.
Now the issue I am having is this: I don't want to assign any of the IPs from the ISP to the physical WAN port but to the VLANs under it. However, pfSense wouldn't allow that. pfSense requires that I assign an IP to the physical WAN port. Can I just assign any IP to the physical port and then assign the IP from the ISP to the VLAN interface created under the WAN port?
I am doing all this because I want to use the load balancing and failover features of pfSense.
I will be grateful for any advice.
![network diagram.PNG](/public/imported_attachments/1/network diagram.PNG)
Create vlan 5 and vlan 10 on the physical interface used for WAN (I'll call it eth0), then change the assignment of the existing WAN interface in Interfaces > Assign to VLAN 10 on eth0. Your IP and everything that currently exists on WAN (firewall rules, NAT rules, etc) will now be on the same interface but expecting tagged vlan 10. You then need to move your physical connection between WAN and the switch to a tagged (trunk) port and your connection to the ISP to an untagged (access) port on VLAN 10.
Do the same with the other ISP on VLAN 5 and you're done.
You will end up with two WAN interfaces. WAN_ISP1 assigned to VLAN 10 on eth0 and WAN_ISP2 assigned to VLAN 5 on eth0.
Untagged eth0 will be unassigned. Just leave it that way.
I have done the same thing you are suggesting; however, from the diagram you attached to your reply, the IPs from the ISPs are on the same subnet. With what I have here, each ISP is on a different subnet.
I am able to create the VLANs under the WAN connection; the only issue is the assignment of IPs. I don't want to assign any IP address from the ISPs to the physical WAN interface but to the VLANs under it. pfSense wouldn't allow that. I know that when a trunk port which carries many VLANs (router on a stick) is created on a router, the IPs are not assigned to the physical interface but rather to the VLAN interfaces under the physical interface.
It's the same solution I want to implement on pfSense and I can't seem to find a way around it.
Is pfsense not capable of that feature?
Dude, go read the post above yours once again.
Please, have you read my posting at the beginning?
Maybe I have to redraw the diagram for you to understand, if you don't mind.
Yes, I did. The post above answers exactly what to do in exactly what order to get exactly what you want. No need to redraw anything.
Will study the above carefully and revert.
> however from the diagram you attached to your reply

That diagram is completely unrelated to your issue. You made your own diagram.
Thanks, but can the idea I presented in my diagram be successfully implemented on pfSense?
Yes. Just do what I told you to do. There is no requirement to set anything on eth0. Just reassign your existing WAN to VLAN 10 on eth0 and put it on a tagged port. Then create a new interface for the second ISP assigned to VLAN 5 on eth0.
Thanks for your advice. I have configured the two VLANs and connected them to the pfSense box and it's working. I can access the web from any machine on the LAN now.
I am, however, facing some challenges concerning package installation. Even though I can access the web now over the pfSense box, I can't get my packages installed. I keep getting this error message:
"Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity."
I have checked all my DNS yet I can get the packages.
Any advice is welcome.
Hi and thx for your (old) post. I tried this with a GS105Ev2 but did not succeed. Is this switch not capable of handling it?
What I did:
The part on pfSense was clear to me and I did as you told:
- Created two new VLANs: 5 & 10, both on igb0
- Assigned WAN (igb0) to VLAN 10 on igb0
- Created a new interface and assigned it to VLAN 5 on igb0
I did the following on the Switch:
- Created three VLAN IDs: 5 & 10 (and 20, later, for the ports I don't have in use)
- I put ports 1 and 3 as members of VLAN ID 5, where port 3 was "U" and port 1 was "T"
- Put ports 1 and 2 as members of VLAN ID 10, where port 2 was "U" and port 1 was "T"
- I put ports 4 and 5 as members of VLAN ID 20, both "U"
- put port 3 to PVID 5
- Port 2 to PVID 10
- Port 4 & 5 on PVID 20
I then plugged in
- ISP1 (192.168.1.1) to port 2 (member of VLAN 10)
- ISP2 (192.168.5.1) to port 3 (member of VLAN 5)
- WAN pfsense (expecting Gateway 192.168.1.1) connected to port 1 (Member of VLAN 5 & 10 and tagged)
- left port 4 & 5 empty as they are not in use
But it does not work. It only works if I unplug ISP2.
***It's all good now, I did not configure the newly created interface "VLAN 5" to the end. I forgot to assign it to a gateway and give it a static IP (in my case: 192.168.5.2).
So now both WANs are online. However, what I found a pity is that I don't see a way to customize pfSense in a way that I have the two interfaces load balanced for more internet bandwidth and at the same time have all the traffic "routed" out over 5 balanced VPN servers (Mullvad, for example).***
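
The tagged/untagged/PVID layout listed in the post above can be checked offline before both ISP links share one switch. This is an added example, not code from any poster or from pfSense or Netgear; the `audit` function, the port table as transcribed here, and port 1's PVID of 1 are assumptions.

```python
# Added example: audit an 802.1Q port table (T = tagged, U = untagged).
# Constructed input modelled on the switch settings listed in the post above.
POSTED = {                      # {vlan_id: {port: "T" | "U"}}
    5:  {1: "T", 3: "U"},       # ISP2 on port 3, trunk on port 1
    10: {1: "T", 2: "U"},       # ISP1 on port 2, trunk on port 1
    20: {4: "U", 5: "U"},       # unused ports parked together
}
# Port 1's PVID is not given in the post; 1 (no members) is an assumption.
POSTED_PVID = {1: 1, 2: 10, 3: 5, 4: 20, 5: 20}


def audit(membership, pvid, trunk_port):
    """Return findings that would let frames cross between VLANs."""
    findings = []
    ports = sorted({p for m in membership.values() for p in m} | set(pvid))
    for port in ports:
        untagged = sorted(v for v, m in membership.items() if m.get(port) == "U")
        tagged = sorted(v for v, m in membership.items() if m.get(port) == "T")
        if port == trunk_port:
            # The firewall's parent NIC is unassigned, so the trunk should
            # carry nothing untagged and its PVID VLAN should be empty.
            if untagged:
                findings.append(f"port {port}: trunk is untagged in VLAN {untagged}")
            others = sorted(p for p in membership.get(pvid.get(port), {}) if p != port)
            if others:
                findings.append(f"port {port}: trunk PVID {pvid.get(port)} shared with ports {others}")
            continue
        if tagged:
            findings.append(f"port {port}: access port is tagged in VLAN {tagged}")
        if len(untagged) != 1:
            findings.append(f"port {port}: untagged in {len(untagged)} VLANs, expected 1")
        elif pvid.get(port) != untagged[0]:
            # Egress leaves in one VLAN, untagged ingress lands in another.
            findings.append(f"port {port}: PVID {pvid.get(port)} != untagged VLAN {untagged[0]}")
    return findings


if __name__ == "__main__":
    for line in audit(POSTED, POSTED_PVID, trunk_port=1) or ["no findings"]:
        print(line)
```
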
Hi, now everything is fine and load balancing over two WANs functions as desired, meaning I get the bandwidth as the sum of both WANs. Now I have two questions:
If I check "sticky connections" I no longer have the sum of both bandwidths. It's rather randomly either WAN1 or WAN2. Even mixed for upload/download, meaning it may occur that for download it takes WAN1 and for upload WAN2, but never both. Is this the expected behavior?
How can I load balance the two WANs to get both bandwidths added but still redirect all the traffic over a VPN server (like Mullvad, one or more servers)?