The following are pfSense-specific.
All services running locally on pfSense strictly obey the system's routing table. This means their traffic leaves via the primary WAN unless you have static routes defined that match it. This only applies to services that initiate connections to the Internet, such as the DNS forwarder and several packages such as squid.
From the perspective of traffic coming in to services on pfSense from the Internet, everything will function as desired if you are running 1.2.1. This includes IPsec, OpenVPN, etc. Releases prior to 1.2.1 contain some bugs in this area that you may encounter affecting service on OPT WAN interfaces.
The following are issues with any multi-WAN firewall/router.
Some websites do not work properly if requests from your system are initiated from multiple public IPs, so load balancing is incompatible with these sites. Common examples are sites that maintain login sessions, most frequently online banking. This most commonly affects HTTPS sites, so HTTPS should usually not be load balanced. Occasionally it is a problem with HTTP sites that maintain sessions, but this is rare.
Another common example is YouTube. When connections to YouTube are initiated from multiple public IPs, the site does not function properly. Several pfSense users have reported this to YouTube and received a reply that it would be worked on. So this may not be a problem in the future, but at the time of this writing it is.
For sites that do not function with load balancing, you need to add firewall rules to not load balance traffic to these destinations.
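The rule ordering described above, written as an added illustration in plain pf syntax; it is not taken from pfSense's own generated ruleset, and pfSense itself is configured through its web interface. All interface names, addresses and the `no_balance` table name are constructed placeholders.

```pf
# Constructed placeholders: substitute your own interfaces, gateways and networks.
lan_if  = "em0"
lan_net = "192.168.1.0/24"
wan1_if = "em1"
wan1_gw = "192.0.2.1"
wan2_if = "em2"
wan2_gw = "198.51.100.1"

# Destinations that break when one session arrives from several public IPs
# (constructed sample address).
table <no_balance> persist { 203.0.113.10 }

# Rules use "quick", so the first matching rule wins. The exceptions must
# therefore sit ABOVE the load-balancing rule.

# 1. HTTPS always leaves through WAN1, so a login session keeps one source IP.
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) \
    proto tcp from $lan_net to any port 443 keep state

# 2. Any other destination known to misbehave is pinned to WAN1 as well.
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) \
    from $lan_net to <no_balance> keep state

# 3. Everything else is spread across both WANs.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    from $lan_net to any keep state

# Note: traffic matched by rules 1 and 2 has no alternate path in this
# fragment if WAN1 is down.
```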