Dual Wan + CARP + Captive Portal

  • Hi  ;D

    Since my question covers different subsections of the forum, I thought I'd dump this here!
    Hardware: Dell Dimension 2350 tower - 3 NIC adapter (2.0GHz, 1GB RAM)
              Apec embedded epia firewall - 2 NIC (pfs embedded installed)

    ADSL1--\                                                      /--pfsense2(CP)--(3 WDS AP's)
    8 static ip \                                                /
                 --pfsense1(Dual wan+load balancing+failover)-LAN-
    ADSL2--/                                                     \--my personal net
    1 static ip

                                    /--DMZ(CP enabled)--3 WDS AP's*
    I originally had ADSL--pfsense--
                                    \--LAN--my personal net


    The reason I changed my network design is because I didn't do enough RTFM and screwed up when trying to get CP+Dual Wan to work on the same box! :( I found out the problem as soon as I came back here and sifted through some posts.

    I have read people are achieving my aim, with 2 boxes, one acting as Dual WAN the other as CP, but I can't find any references on how to go about this, believe me, I've googled lots!

    I have tried various configs to get this to work on pfsense2, the only solution that does work is leaving NAT enabled, I've tried disabling NAT, bridging LAN 2 WAN, none of it worked for me.  I'd like pfsense1 to hand out IP's to pfsense2 clients, so I can use things like NTOP and BandwidthD to monitor client usage and downloads.

    Q1: How can I enable CP on pfsense2, let pfsense2 DHCP relay (clients) to the pfsense1 (the gateway has DHCP server enabled) and then present the clients with my ugly orange CP page?  :D

    Q2: I have 8 static IP's on adsl1, does CARP work fine with Dual WAN? I plan to get 16 IP's on adsl2 at some point in the future as well.

    Q3: Am I right in saying that all the packages don't play well with Dual WAN?

    Q4: I would like at least proxy server, if it does work, I'm guessing it's best to have it sitting on the 1st box.

    Q5: Traffic shaping - is it best to have this activated on pfsense1 or pfsense2?

    If screenshots etc are needed please let me know!

    I apologise if I seem incoherent, I've been up all night/day trying to solve these issues, but my prime concern at the moment is CP as this system is in production, so any leads for this are very much appreciated.

    Oh btw, I followed this guide http://doc.pfsense.org/index.php/MultiWanVersion1.2 and it's worked great for me, so no major problems with Dual WAN (except I switched off sticky connections as it was giving me issues ~timeout on some sites)

    Thanks in advance  ;D

    EDIT: Oops sorry, I just realised I posted this in the wrong section and should have gone to "General Questions", could a mod move this please?

  • Q1: This is pretty much straightforward besides the dhcp relaying. I would make the cp box serve dhcp for the clients behind it. Everything else is at services>captive portal in the webgui. You might want to shut down nat at that box but that depends on your needs (for example logging needs at pfsense1).

    Q2: CARP doesn't work with pppoe but if you have static IPs there it will work with any number of IPs as long as all are in the same subnet. CARP will work fine with multiwan.

    Q3: depends what package we are talking about but in general packages can't make use of multiwan. They always will use the main WAN and the built in routing table (system>static routes).

    Q4: a proxy running at the multiwan pfsense will only be able to use the main wan.

    Q5: traffic shaping on multi-interfaces is not really possible in pfSense 1.2. If it's enough for you to shape the wireless clients you can use it at the cp pfSense (LAN/WAN).

  • Thanks Hoba,

    I ended up getting a microdrive and putting a full install on the embedded box (pfsense2), as I couldn't get pfsense1 to log anything.

    Anyway, I'll come back to this another time.

    Thanks again for your help.

  • I'm really interested in the idea of having Dual WAN + CARP but don't know where to begin.
    Is this feasible? How many static IP/WAN connections are required?

    Hope you can point me in the right direction.

  • As far as I can tell 1.3 allows you to do all this on a single box, it would be nice if you can give it a try and report if all went well!

    Remember that to loadbalance squid on 1.3 you have to add on the Floating Tab rules without direction and selecting the quick option and selecting a gateway as you do for other loadbalancing.
