Multiwan With VLAN'ed Router In A Box
I'm helping a friend setup a multiwan network for a not for profit. It's a rural area, and internet connectivity is limited. They're currently juggling 3 connections between users, and a growing number of devices, which isn't working very efficiently. Multiwan I've setup in the past and works well for this kind of scenario to load balance between users. We only have a small budget/existing equipment, and from what I understand the most "compact" way of doing this is the "Router-on-a-stick" setup, via VLANs using a managed switch and a single Ethernet port on the PC that is running pfSense.
We have 3 internet gateway connections (incoming over wifi), 7mbps down, 2mbps up, which are already NAT'ed behind the ISP's firewall. Bridging can't be setup on the wifi receiver, as we don't know the IP addresses from the ISP in advance, it's purely a DHCP situation. Nor can the connections be "bonded" via cooperation from the ISP. This also means we're having to double or triple NAT, that is the traffic is NAT'ed by the ISP, NAT'ed at our wifi receiver before the pfSense firewall and finally NAT'ed out to our local network, which seems to work ok with the connections individually, but I know it's not the ideal.
Here's a diagram of what I'm proposing. I'm new to VLANs so there's some learning overhead for me ! And apologies for simplicity of diagram, it's best I could do in Paint …
My main questions are :
Can we put all our devices including the incoming gateway connections on the same subnet - 192.168.1.x ? Or will we need to give each gateway it's own subnet, so for instance 192.168.2.x for wifi 1, 192.168.3.x for wifi 2 and 192.168.4.x for wifi 3 AND then 192.168.1.x for our local internal network ? And will we be able to access the wifi receivers from our local network, and if not, how to make this possible ?
Presumably the VLANs (100,200,300) then translate into "virtual" interfaces in pfSense, and these interfaces can then be the "in" gateways for Multiwan. With pfSense then taking care of DHCP and routing on the local side of things ? And, do we actually need to be using VLANs at all, if wifi receivers are setup as 192.168.2.x, 192.168.3.x and 192.168.4.x ?
Much appreciated - Any advice on setting up the switch, as I've not worked with VLANs before, nor Router-on-a-stick setup !
I think this is what you should do :
All wifi WAN on seperate subnet say 192.168.2.0 , 192.168.3.0 , 192.168.4.0.
Connect the wifi WANs to managed switch with vlan tag 200, 300 and 400.
Connect the pfsense box to trunk port of switch.
Create vlan tags 100,200,300 in pfsense box. Create seperate vlan interface for each tag with interface ip as 192.168.2.1, 192.168.3.1 and 192.168.4.1 and upstream gateway as 192.168.2.0, 192.168.3.0 and 192.168.4.0 respectively.
For configuring the switch you should look into product manual. In general, in L2 switch there is one port configured as trunk port where pfsense box is connected. The rest of the ports to WAN with different VLAN tags. When the packet pass through them it attaches a vlan-id tag to it.
good luck and have a nice day