pfSense Multi-WAN Configuration: Part One

pfSense incorporates the ability to set up multiple WAN interfaces (multi-WAN), which allows you to utilize multiple WAN connections. This in turn enables you to achieve higher uptime and greater throughput capacity (for example, if the user has one 1.5 Mbps connection and a second 2.5 Mbps connection, their total bandwidth using a multi-WAN setup would be 4 Mbps). It has been reported that some pfSense deployments have used as many as 12 WAN connections, and pfSense may scale even higher than that with the right hardware.

Any additional WAN interfaces are referred to as OPT WAN interfaces. References to WAN refer to the primary WAN interface, and OPT WAN to any additional WAN interfaces.

There are several factors to consider in a multi-WAN deployment. First, you’re going to want to use different cabling paths, so that multiple Internet connections are not subject to the same cable cut. If you have one connection coming in over a copper pair, you probably want to choose a secondary connection utilizing a different type and path of cabling. In most cases, you cannot rely upon two or more connections of the same type to provide redundancy. Additional connections from the same provider are typically a solution only for additional bandwidth; the redundancy provided is minimal at best.

Another consideration is the path from your connection to the Internet. With larger providers, two different types of connections will traverse significantly different networks until reaching core parts of the network. These core network components are generally designed with high redundancy and problems are addressed quickly, as they have widespread effects.

Whether an interface is marked as down or not is determined by the following ping command:

ping -t 5 -oqc 5 -i 0.7 [IP ADDRESS]

In other words, pfSense sends 5 pings (-c 5) to your monitor IP, waiting 0.7 seconds between each ping (-i 0.7). It waits up to 5 seconds (-t 5) for a response, and exits successfully if one reply is received (-o). It detects nearly all failures, and is not overly sensitive. Since it is successful with 80 percent packet loss, it is possible your connection could be experiencing so much packet loss that it is unusable but not marked as down. Making the ping settings more strict, however, would result in false positives and flapping. Some of the ping options are configurable in pfSense 2.2.4.
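The trade-off described above can be put in numbers. The following is an added example, not pfSense code: it models the check (5 probes, 0.7 s apart, 5 s deadline, one reply is enough) and computes how often a link is marked up. It assumes each probe is lost independently, and the `min_replies` parameter is a hypothetical stricter policy used only for comparison.

```python
from math import comb

PROBES = 5       # -c 5
INTERVAL = 0.7   # -i 0.7: seconds between probes
DEADLINE = 5.0   # -t 5: ping exits after this many seconds


def gateway_up(rtts, min_replies=1):
    """Decide up/down for one monitoring run.

    rtts: per-probe round-trip times in seconds, None for a lost probe.
    min_replies=1 mirrors -o (succeed on the first reply); higher values
    are a hypothetical stricter rule, not a pfSense option.
    """
    received = 0
    for n, rtt in enumerate(rtts[:PROBES]):
        if rtt is None:
            continue
        # Probe n is sent at n * INTERVAL; a reply after the deadline is ignored.
        if n * INTERVAL + rtt <= DEADLINE:
            received += 1
    return received >= min_replies


def p_marked_up(loss, min_replies=1):
    """Probability that a run passes, given independent per-probe loss."""
    ok = 1.0 - loss
    return sum(
        comb(PROBES, k) * ok**k * loss ** (PROBES - k)
        for k in range(min_replies, PROBES + 1)
    )


def report():
    """Return (loss, min_replies, P(marked up)) rows for a few scenarios."""
    rows = []
    for loss in (0.02, 0.20, 0.50, 0.80):
        for need in (1, 3, 5):
            rows.append((loss, need, p_marked_up(loss, need)))
    return rows


if __name__ == "__main__":
    # Constructed sample run: four probes lost, fifth answered in 50 ms.
    print("4 of 5 lost ->", "up" if gateway_up([None] * 4 + [0.05]) else "down")
    for loss, need, p in report():
        print(f"loss={loss:4.0%}  need>={need}  P(marked up)={p:.4f}")
```

Under this model a link with 80 percent loss still passes about two checks in three, while requiring all five replies would fail a link with only 2 percent loss in roughly one check in ten, which is the flapping the paragraph warns about.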

In the next article, we’ll cover WAN interface configuration in a multi-WAN setup.

External Links:

Network Load Balancing on Wikipedia

© 2013 David Zientara. All rights reserved.