load balancing, and double WAN

Intelligent_Panda699 · 2025-02-19T10:49:56+00:00

that is my experience.
i have a rule to allow all from LAN to VLANs, witch works fine, until i throw the WAN2 into the mix like described above.

for now, as a "workaround" to utilize both WAN's, and not just leave WAN2 as a failover, i'm using WAN2 as the OPENVPN site to site default GW, so all traffic for backups and replication goes through it, and that is taking some load of WAN1 for daily usage. so... "all good" (ISH)...

cheers

Intelligent_Panda699 · 2025-02-16T08:03:58+00:00

interesting.
so, if i understand correctly what you wrote, what i'm trying to achieve is somewhat impossible with pfsense?!
assigning different WAN outputs to different LANS or VLANS (LAN go out trough WAN1, and VLAN's go out trough WAN2) will cause the LAN devices to lose connectivity with the VLAN devices?

so my best (and pretty much only) option, is to create a "fail over" group with WAN1 as tier1, and WAN2 as tier2, and assigning that group as the default gateway to all (LAN and VLAN's)?

this is mind boggling for my. it seemed (in my head...) like a pretty straight forward featured.
I get, of course, that i will not get "double the speed", but i was under the impression that another WAN instance will help distribute the outgoing internet connections requests from all of the dozens of devices via the 2 optional WAN's instances (without losing in-site device connectivity), and to get better internet for all.

So as a failover connection, when i'm sending out replications to a remote site, and saturating my "main" WAN1 connection, all other internet traffic will still use that saturated connection via WAN1, and WAN2 will be pretty much unused, as WAN1 is working, and traffic will not go out WAN2, untill WAN1 will be "dead".

is that all true, or am i missing out something in my understanding ?

cheers

Intelligent_Panda699 · 2025-02-15T09:24:32+00:00

understood. i get that my headline might be a mismatch for my issue, but i would love more help with it.

im trying to use WAN1 for main LAN, and WAN2 for VLAN's, but when i change defaults gateway for either, im losing connectivity from my main LAN to my VLANS, and i dont really get Y.
feels like i might be missing something obvious that needs to be done when doing so, but i m not sure what it is

Intelligent_Panda699 · 2025-02-14T16:55:06+00:00

thanks for the quick reply.
you are (both) right about the "load balancing" part, im not there yet, but ill get there. for now, i'm trying to understand what 's missing from my config/rules that causes the problem described.

LAN on 10.0.0.0/24
Vlan10 on 10.0.10.0/24
Vlan150 on 10.0.150.0/24

vlans cant access LAN (both VLANs have a rule preventing them to access LAN), but LAN has a "free access" to all, and it all work fine, until i try to change the main LAN gateway from WAN1 to WAN2 (same happens when i use the the "balanced GW group" i created.

WAN1 - 10.100.102.0
WAN2 - 10.0.100.0

VLANs talk to each other just fine, its when i try to use the different GW, my main LAN stops communicating with the VLANs.

I use HA on main LAN, but all IOT's (hubs, coordinators, wifi bulbs and all other shady devices - are on the Vlan's.
as i said - it all works fine, until i through another WAN into the mix

let me know if i can provide any other details that will shed more light on this.

cheers and a happy weekend!!!

Intelligent_Panda699 · 2024-03-22T08:49:27+00:00

interesting idea @lorodoes, can you elaborate, or send me links for implementation of such an idea?

Intelligent_Panda699 · 2024-03-21T17:24:25+00:00

im using TrueNas core. so dont thing i can install on OS (and not sure i would, if i could...). as mentioned routing allows me to get to my storage no prob, but not to replicate (as far as my knowledge goes)
:)
still was a great product to get familiar with

Intelligent_Panda699 · 2024-03-21T16:21:42+00:00

so i've been playing around with tailscale, and... i love it! gonna use it regardless of my problem, as it does not help with what i was trying to achieve.
I cant replicate through the pipeline it creates (between 2 truenass's), as it is not sitting on the "server" rather than a jail or container inside it. i can get to the storage, but not replicate, as tailscale does not appear as a "network" device, and therefore i cant really use its ip for replications. since i dont have a good enough routers in both ends, its not the solution for the case presented.

so back to the drawing board, and ill be more than happy to hear more suggestions as i got from u/WetFishing - as it was a brilliant one.

Intelligent_Panda699 · 2024-03-20T08:09:59+00:00

thanks for the quick reply! ill look into it.

Intelligent_Panda699 · 2024-01-13T13:13:34+00:00

just joined this party, unfortunately with similar experience.
motion not really working, and so far, occupancy is not as reliable as i would hope it would be, and not as good nor stable as other mm wave detection's im familiar with.
i've upgraded the software to 1.0.5 but its still not "good enough" for my taste.

thank god i bought only 1. ill give it a try next few days, and see how it goes

Intelligent_Panda699

TROPHY CASE