Multi wan at multi location



  • I work for a family business and we have been having a bit of trouble getting a faster internet connection (currently ADSL), so this is what I have put in place.

    Currently we have a pf box in the cabinet at work that has 1 LAN, 1 WAN and an opt LAN which is attached to the wireless bridge that shares to another field site and my home.
    What I want to do is get another internet connection at my home (HFC), second to my connection, and have them balance, with traffic being sent via the 50mb HFC connection when possible but certain PCs using the other two ADSL connections.
    Suggestions on services to read on and ideas would be appreciated.

    work config
    lan 192.168.1.*
    wireless bridge network 192.168.5.*
    wan 10.0.0.* adsl

    i have a pfsense box at home as well which has
    wan - adsl 192.168.10.*
    lan  192.168.11.*
    lan2 - wireless bridge 192.168.5.*
    wireless pci adaptor which feeds an omni in the house 192.168.12.*

    For example, the field office which is associated on the 5.* network would use the office 10.0.0 and my wireless at home would use the 10.*, though my home LAN can use any connection, same as the office LAN.

    Also, in regards to the HFC connection, is it possible to put a small switch in on my home WAN and have a VLAN configured for its IP, or is it better to put another card in dedicated for it?



  • You can just policy-route some office to internet traffic across to your home with Firewall Rules on the office LAN.
    Add a gateway on the office system pointing across the wireless bridge to home pfSense.
    Add a gateway on the home system pointing across the wireless bridge to office pfSense.
    If you want to route between internal subnets at home and office, then add static routes on each pfSense pointing across to the networks that are at the other side. Put rules as needed to allow the traffic at each interface where it arrives. (You might have already got this far, since you have the wireless bridge, I guess it is used for something.)

    On the office pfSense LAN you can put rule/s that match some source LAN IPs… and then send the traffic to home wireless bridge GW. That traffic will be forced out that way. The return traffic should get back OK because the home pfSense has a static route back to the office LAN.

    If you want to load-balance then I expect you could put "home wireless bridge GW" as the upstream gateway on the office pfSense wireless bridge interface. That would make the wireless bridge interface act like a real upstream link to the internet - the office pfSense would just see the home pfSense as if it is some upstream "ISP" gateway. Then you can give it a useful monitor IP, put it in a gateway group, send traffic to the gateway group with rules... just as if it is a real 2nd internet connection (which actually it is).

    And the reverse should work also, so that the home pfSense can think that the office pfSense is upstream for some traffic - if you want some home LAN traffic to go out the office internet.

    On the VLAN topic. I don't like to have WANs using VLANs, just because when your internet is all down it is an extra step in the upstream chain of devices that might have gone wrong. It is a pain to be convincing yourself that the VLAN switch is all good, as well as sorting out the internet connection...

    So for a multi-WAN multi-LAN configuration I like to have a minimum of 4 interfaces:
    WAN1
    WAN2
    LAN - on a real interface so it can really be accessed when the VLAN switch configuration is gone.
    VLANs - trunk port going to the VLAN switch that can have however many extra interfaces you need in VLANs.
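
The static-route reasoning in the reply above (return traffic only gets back if the far side has a route to the source LAN), as an added example that is not part of the original thread. The subnets come from the posts; the bridge addresses 192.168.5.1 and 192.168.5.2 and the host addresses are assumed, and firewall rules and policy routing are not modelled.

```python
import copy
import ipaddress as ip

# Constructed model of the two firewalls. Subnets are taken from the thread;
# the bridge IPs (192.168.5.1 / 192.168.5.2) are assumptions for illustration.
FIREWALLS = {
    "office": {
        "bridge_ip": "192.168.5.1",
        "connected": ["192.168.1.0/24", "192.168.5.0/24", "10.0.0.0/24"],
        "static": {"192.168.11.0/24": "192.168.5.2", "192.168.12.0/24": "192.168.5.2"},
    },
    "home": {
        "bridge_ip": "192.168.5.2",
        "connected": ["192.168.11.0/24", "192.168.12.0/24",
                      "192.168.5.0/24", "192.168.10.0/24"],
        "static": {"192.168.1.0/24": "192.168.5.1"},
    },
}

def next_hop(fw, dst, firewalls=FIREWALLS):
    """Return 'local', a bridge gateway IP, or 'wan-default' for dst on fw."""
    addr, cfg = ip.ip_address(dst), firewalls[fw]
    if any(addr in ip.ip_network(n) for n in cfg["connected"]):
        return "local"
    for net, gw in cfg["static"].items():
        if addr in ip.ip_network(net):
            return gw
    return "wan-default"  # no route: the packet leaves via the internet uplink

def one_way(src_fw, dst, firewalls):
    """True if a packet entering src_fw is delivered to dst's own subnet."""
    hop = next_hop(src_fw, dst, firewalls)
    if hop == "local":
        return True
    peer = next((n for n, c in firewalls.items() if c["bridge_ip"] == hop), None)
    return peer is not None and next_hop(peer, dst, firewalls) == "local"

def round_trip(src_fw, src, dst_fw, dst, firewalls=FIREWALLS):
    """(request routed?, reply routed?) for a flow from src to dst."""
    return one_way(src_fw, dst, firewalls), one_way(dst_fw, src, firewalls)

if __name__ == "__main__":
    flow = ("office", "192.168.1.50", "home", "192.168.11.20")  # assumed hosts
    print("both static routes present:", round_trip(*flow))
    broken = copy.deepcopy(FIREWALLS)
    del broken["home"]["static"]["192.168.1.0/24"]  # drop the route back
    print("home lacks route to office LAN:", round_trip(*flow, broken))
```

With the route back removed, the request still arrives but the reply is handed to the home firewall's default gateway, which is the one-directional reachability a missing static route produces.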



  • Have implemented the gateways on the respective network cards.

    Home points to the office IP and the office to the home IP. All is fine there; remote desktop and file sharing all work fine, though.

    The office cannot see the gateway on the home and gets an offline when trying to ping the LAN side. All traffic seems to be one-sided, favoring the home connection. I cannot ping from the office LAN to the home LAN, though I can ping the home LAN to the office LAN, yet the rules are identical.