Multi-WAN settings can increase Internet bandwidth, and connections can be load-balanced and failed over as needed. If a connection goes down, traffic is automatically routed to the backup connection.
In this tutorial, we will configure pfSense's multi-WAN settings to achieve load balancing and failover.
Basic requirements
Two Internet connections from two different ISPs. The same ISP also works, but the gateways cannot be the same. Each connection can be dial-up or static.
A pfSense firewall with three network ports
Two ISP modems with network ports
Static or dynamic IP from the ISP
Monitor IP 1 for ISP1: 8.8.8.8 (Google DNS IP)
Monitor IP 2 for ISP2: 208.69.38.205 (OpenDNS IP)
Detailed settings
Before starting, make sure that a static IP is enabled on all WAN-type interfaces and that the gateways are set up correctly.
1: Configure the pfSense LAN interface
Open the pfSense web configuration interface at http://172.16.1.254 and navigate to Interfaces > LAN
2: Configure the pfSense WAN 01 interface (ADSL ISP1)
Navigate to Interfaces > WAN 01
Now the first WAN interface is configured with a static IP. If necessary, you can set the type to DHCP according to the ISP1 modem settings. Next, make sure the ISP #1 gateway responds to ping to confirm that WAN 1 is actually online and working properly, and then continue.
3: Configure the pfSense WAN 02 interface (ADSL ISP2)
Navigate to Interfaces > WAN 02
Now the second WAN interface is configured with a static IP. If necessary, you can set the type to DHCP according to the ISP2 modem settings. As above, make sure the ISP #2 gateway responds to ping to confirm that WAN 2 is actually online and working normally, and then continue.
4: Confirm that both gateways are online
Navigate to Status > Gateways to check the online status of the gateways.
If they are green, the connection with each gateway is normal, and the monitoring IPs need to be configured next.
5: Configure monitoring IP for each gateway
Navigate to System > Routing and select the Gateways tab.
Click the edit icon of wan_adsl2_l1GW and set the monitoring IP to 8.8.8.8.
Next, click the edit gateway icon of WAN_ADSL2_L2 (ADSL ISP2) and set the monitoring IP to 208.69.38.205.
The gateway configuration has now changed. Apply the changes to make them take effect.
6: Configure dual WAN link load balancing
Navigate to System > Routing, select the Gateway Groups tab, and click the "Add" button to configure load balancing.
The settings are as follows:
Set the group name to "WanLoadBalancer".
Set the gateway priority of both gateways to "Tier 1". When two gateways are on the same tier (for example, Tier 1), they are load balanced: on a per-connection basis, connections are routed across the WANs in a round-robin fashion. If any gateway on a tier fails, it is removed from use, and the other gateways on that tier continue to operate normally.
Set the trigger condition to "Member Down".
Set the description to "My Dual ADSL Wan Link Load Balancer".
Finally, click the "Save" and then "Apply Changes" buttons.
7: Configure link failover
Next, navigate to System > Routing, select the Gateway Groups tab, and click the "Add" button to configure failover.
When two gateways are on different tiers, the gateway on the lower-numbered tier is the first choice. If that gateway fails, it is removed from use and the gateway on the next tier is used. This is how failover works on pfSense. So to set up link failover for ADSL 1:
Set the group name to "ADSLLinkFailover2"
Set the gateway priority of wan_adsl2_l1GW (ISP 1) to "Tier 1"
Set the gateway priority of wan_adsl2_l2GW (ISP 2) to "Tier 2"
Set the trigger condition to "Member Down"
Set the description to "Link failover for ADSL 1"
In the same way, set up link failover for ADSL 2 and switch the gateway priority as follows.
Finally, click "Save" and then "Apply Changes" to complete the load balancing and failover gateway configuration.
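The selection rule from steps 6 and 7, written out as an added Python example (a simplified model for checking a planned group layout, not pfSense's own code and not part of the original tutorial). Gateway names and priority tiers come from the steps above; the online/offline sets are constructed sample data, and the round-robin is the per-connection behaviour the tutorial describes.

```python
from itertools import cycle

# Gateway names and tier numbers are taken from the tutorial; the status
# sets used below are constructed sample data.
LOAD_BALANCER = {"wan_adsl2_l1GW": 1, "wan_adsl2_l2GW": 1}
FAILOVER_ADSL1 = {"wan_adsl2_l1GW": 1, "wan_adsl2_l2GW": 2}
FAILOVER_ADSL2 = {"wan_adsl2_l1GW": 2, "wan_adsl2_l2GW": 1}  # priorities switched


def active_gateways(group, online):
    """Return the gateways that carry traffic under the Member Down trigger.

    group  -- mapping of gateway name to tier number (1 is preferred)
    online -- set of gateway names whose monitor IP currently answers
    """
    up = {gw: tier for gw, tier in group.items() if gw in online}
    if not up:
        return []  # every member is down: the group has no usable gateway
    best = min(up.values())  # lowest-numbered tier that still has a live member
    return sorted(gw for gw, tier in up.items() if tier == best)


def route_connections(group, online, count):
    """Assign `count` new connections round-robin across the active gateways."""
    active = active_gateways(group, online)
    if not active:
        return []
    picker = cycle(active)
    return [next(picker) for _ in range(count)]


if __name__ == "__main__":
    both = {"wan_adsl2_l1GW", "wan_adsl2_l2GW"}
    isp2_only = {"wan_adsl2_l2GW"}  # ISP1's monitor IP stopped answering
    for label, group in (("load balancer", LOAD_BALANCER),
                         ("failover ADSL 1", FAILOVER_ADSL1),
                         ("failover ADSL 2", FAILOVER_ADSL2)):
        print(label, "both up:  ", route_connections(group, both, 4))
        print(label, "ISP1 down:", route_connections(group, isp2_only, 4))
```

With both links up, the load-balancing group alternates connections between the two gateways, while each failover group sends everything through its Tier 1 member until that member is marked down.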
8: Configure firewall rules for the load balancer
Use the gateway setting on firewall rules to pass traffic to the load balancer. Click Firewall > Rules > LAN > Add and set as shown below.
Click the "Show Advanced" button, scroll down to the gateway option and set it to WanLoadBalancer.
Click the "Save" and then "Apply Changes" buttons to save the firewall rules.
9: Configure firewall rules for failover
Use the gateway setting on firewall rules to pass traffic to the failover gateway groups. Click Firewall > Rules > LAN > Add and set as shown below.
Click the "Show Advanced" button, scroll down to the gateway option and set it to ADSLLinkFailover1.
Click the "Save" and then "Apply Changes" buttons to save the firewall rules. Repeat the firewall rule for ADSLLinkFailover2.
10: Client configuration
Assign IP addresses from the following range to the client computers:
Network: 172.16.1.254/24
IP range: 172.16.1.1-172.16.1.253
Default gateway: 172.16.1.254
DNS server: 172.16.1.254 (or 8.8.8.8/8.8.4.4)
The test from the client system (OpenBSD) is as follows:
$ ifconfig vio0
$ netstat -nr -f inet
$ ping -c 2 google.com
$ host cyberciti.biz 172.16.1.254
You can use speedtest.net for speed testing. When downloading large files over torrent, you can also run the speedtest-cli command to verify whether the bandwidth of the client computer has doubled:
$ python speedtest-cli
If one Internet connection goes down, you can still reach the Internet through failover.